
IT Security Newsletter - 12/18/2025

Top News

FBI dismantles alleged $70M crypto laundering operation

US feds have dismantled a crypto laundering service that they say helped cybercrooks wash tens of millions of dollars in dirty digital cash, seizing its servers and unsealing charges against an alleged Russian operator. The FBI, working with cops in Europe and a grab bag of state and federal agencies, announced this week that it has taken down the infrastructure behind E-Note, an unlicensed virtual currency exchange accused of acting as a financial rinse cycle. READ MORE...

Breaches

113,000 Impacted by Data Breach at Virginia Mental Health Authority

Virginia mental health services provider Richmond Behavioral Health Authority (RBHA) says the personal information of more than 113,000 people was stolen in a recent ransomware attack. Serving the city of Richmond, RBHA is a public agency that provides mental health support, crisis care, intellectual disability, substance abuse, and prevention services. On September 29, the provider was hit by a ransomware attack that resulted in portions of its network being encrypted. READ MORE...

Hacking

France arrests suspect tied to cyberattack on Interior Ministry

French authorities arrested a 22-year-old suspect on Tuesday for a cyberattack that targeted France's Ministry of the Interior earlier this month. In a statement issued by Public Prosecutor Laure Beccuau, officials said the suspected hacker was arrested on December 17, 2025, as part of an investigation into the attack. The suspect is accused of unauthorized access to an automated personal data processing system, conducted as part of an organized group. READ MORE...


Attackers Use Stolen AWS Credentials in Cryptomining Campaign

Attackers have been using compromised AWS Identity and Access Management (IAM) credentials to target cloud services in a sprawling cryptomining campaign that can deploy unauthorized miners 10 minutes after compromising customer infrastructure. Amazon Web Services (AWS) security researchers identified the malicious activity in early November using Amazon GuardDuty and automated security monitoring systems, according to a blog post published by AWS on Tuesday. READ MORE...

Information Security

"Fake Proof" and AI Slop Hobble Defenders

Exploitation attempts have surged for a critical vulnerability in the React user interface library for Web applications. Some are capable of bypassing web application firewall (WAF) rules, and others are non-working AI slop. Artificial intelligence compounds a pollution problem for defenders - especially when slop gets served up as proof-of-concept exploits (PoCs), cybersecurity experts say. READ MORE...


Dormant Iran APT is Still Alive, Spying on Dissidents

For the first time in more than three years, researchers have new information about Iran's oldest state-level threat group. "Prince of Persia" - also known as "Infy" - isn't just the oldest known Iranian advanced persistent threat (APT). It's one of the oldest APTs in existence, rivalled only by groups like Turla and APT1. A decade ago, when it was first described in cybersecurity literature, researchers found evidence that its activity dated back to December 2004. READ MORE...

Exploits/Vulnerabilities

FortiGate devices targeted with malicious SSO logins

Researchers warn of intrusion activity that was first discovered on Friday targeting Fortinet FortiGate appliances using malicious single sign-on (SSO) logins, according to a blog released Monday from Arctic Wolf. The threat activity comes about a week after Fortinet disclosed two critical authentication bypass vulnerabilities in multiple products. Fortinet said the flaws were originally discovered by two members of its product security team. READ MORE...


Attacks pummeling Cisco AsyncOS 0-day since late November

Suspected Chinese-government-linked threat actors have been battering a maximum-severity Cisco AsyncOS zero-day vulnerability in some Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances for nearly a month, and there's no timeline for a fix. Cisco disclosed the bug, tracked as CVE-2025-20393, on Wednesday and said it affects both physical and virtual SEG and SEWM appliances in certain non-standard configurations. READ MORE...

On This Date

  • ...in 1913, science fiction author Alfred Bester ("The Demolished Man," "The Stars My Destination") is born in New York City.
  • ...in 1943, musician/songwriter Keith Richards, co-founder of the Rolling Stones ("(I Can't Get No) Satisfaction", "As Tears Go By"), is born in Kent, England.
  • ...in 1958, Project SCORE is launched from Cape Canaveral. It was the first purpose-built communications satellite, and a response to Russia's Sputnik launches the previous year.
  • ...in 2001, singer-songwriter Billie Eilish ("Bad Guy", "No Time to Die"), the youngest person to win the four main Grammy categories in the same year, is born in Los Angeles.