Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds.

A study by Interisle Consulting found that new gTLDs introduced in the last few years command just 11% of the market for new domains, but accounted for roughly 37% of cybercrime domains reported between September 2023 and August 2024.

Western cybercriminals in online groups, like Scattered Spider, target vulnerable teens, pushing them towards harm and violence. The Com, a cybercriminal network, fosters extortion and violence among its members.

A new twist on the old sextortion scam involves sending personalized emails with webcam footage of individuals and a photo of their home, obtained from online mapping applications.

The issue, which began in late June, affected a few thousand Workspace accounts that were created without domain verification. Google has since fixed the problem and added more security measures to prevent similar bypasses in the future.

ICANN has warned the Chinese company responsible for the “.top” domain registry to improve its system for managing phishing reports or risk losing its license. ".top" was found to be a popular choice for phishing websites, behind only “.com.”

FIN7, a cybercrime group responsible for billions in losses, was dismantled by U.S. authorities in 2023. However, they resurfaced in 2024 with Stark Industries Solutions, hosting thousands of fake websites mimicking renowned companies.

A 22-year-old UK man recently arrested in Spain is believed to be the leader of the cybercrime group Scattered Spider, responsible for hacking into numerous organizations including Twilio, LastPass, and DoorDash.

An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia.

Authorities have identified Dmitry Yuryevich Khoroshev, a Russian man, as the alleged leader of the infamous LockBit ransomware group, which has extorted over $500 million from hundreds of victim organizations over the past four years.