Latest Internet & Cybersecurity News
INTERPOL-led operation arrests 574 in Africa targeting BEC and extortion networks
A coordinated INTERPOL operation named Operation Sentinel resulted in 574 arrests across 19 countries and recovered roughly $3 million while targeting business email compromise and digital extortion networks in Africa. The operation ran from October 27 to November 27, 2025 and involved multiple national law-enforcement partners.
Cisco warns of active exploitation of zero‑day in AsyncOS email security appliances
Cisco disclosed a maximum‑severity zero‑day in AsyncOS affecting Cisco Secure Email Gateway and related appliances and reported active exploitation by a China‑nexus APT tracked as UAT‑9686. Cisco became aware of the intrusion campaign on December 10, 2025 and urged patching and mitigations for affected AsyncOS versions.
Fortinet FortiGate appliances under active attack via SAML SSO bypass
Security vendors observed exploitation of two critical authentication bypasses in Fortinet FortiGate devices (CVE‑2025‑59718 and CVE‑2025‑59719), with attackers abusing single sign‑on flows to gain access to appliances. Arctic Wolf and others reported intrusions as early as December 12, 2025, prompting urgent advisories to patch and revoke compromised sessions.
Alleged nation‑state compromise of F5 prompts securities class action
F5 disclosed a nation‑state intrusion in August 2025 that led to persistent access to development environments for BIG‑IP, triggering investor lawsuits alleging delayed disclosure and material impact on revenue guidance. A securities class action (Smith v. F5, Inc.) was filed alleging the company misled investors about the timing and materiality of the incident.
Kimwolf botnet reportedly hijacks 1.8 million Android TVs for large DDoS campaigns
Reports indicate the Kimwolf botnet has compromised approximately 1.8 million Android TV devices and is being used to launch large‑scale DDoS attacks, highlighting IoT attack surface risks. Vendors and ISPs are being urged to mitigate traffic and push firmware updates where possible.
US DOJ and international partners disrupt E‑Note crypto laundering service
The US Department of Justice coordinated with international partners to take down infrastructure for E‑Note, a cryptocurrency exchange alleged to have laundered funds for transnational cybercriminal groups, disrupting on‑ramps used in ransomware and other crimes. The action targeted money‑laundering facilitation tied to attacks on healthcare and critical infrastructure.
Ex‑cybersecurity staff plead guilty to moonlighting as ransomware operators
Bloomberg and other reporting cite guilty pleas from former cybersecurity incident responders who allegedly provided services to ransomware actors, underscoring insider threat risks and the criminalization of trusted expertise. The cases demonstrate law enforcement focus on people enabling ransomware infrastructure.
FBI disrupts virtual money‑laundering and exposes on‑ramps for cybercrime funds
US authorities announced coordinated disruptions of virtual money‑laundering infrastructure used by cybercriminals, a move intended to choke off proceeds for ransomware and illicit marketplaces. The disruptions accompany broader international cooperation to trace and seize crypto proceeds.
Reports map persistent links between credential leaks and Russian cybercriminal infrastructure
Analyses of blockchain flows and on‑chain indicators suggest connections between large credential breaches and Russian‑linked cybercriminal infrastructure, highlighting the challenges of tracing off‑ramp exchanges. Security researchers warn that lax controls at certain exchanges enable laundering of proceeds from breaches.
Evasive Panda APT abuses DNS poisoning to deliver MgBot malware
Researchers reported that an APT tracked as Evasive Panda is poisoning DNS responses to deliver MgBot, demonstrating sophisticated supply‑chain‑like manipulation of DNS to distribute malware. The report emphasizes DNS integrity as a critical defensive control for organizations.
‘Inside the biggest cyber attacks of 2025’ — industry retrospective highlights record breach volumes
Security analysts published retrospective coverage cataloging 2025 as among the most disruptive years for cyber incidents, noting record credential leaks, supply‑chain failures, and impacts across government, healthcare, finance, and critical infrastructure. The analyses argue that systemic weaknesses and the scale of automation amplified attacker impact throughout 2025.
Threat intelligence bulletin: Stealth loaders, AI‑chatbot exploitation, and Docker supply‑chain concerns
Periodic threat bulletins list active trends including stealth loader families, exploitation of AI chatbot vulnerabilities, and attacks against Docker images and registries, underlining a diversified threat landscape moving into 2026. The Hacker News roundup on Dec 25, 2025 notes more than a dozen active stories affecting cloud and AI platforms.