  • 0 Votes
    1 Posts
    0 Views
    vor@lgbtqia.spaceV
    https://youtu.be/ucRTW4rgrbU?si=1CXNoAIw-ZZTxdXt
    wtaf I'm unsure how this fell into my feed, but dayum
    #YouTube #cybercrime #scam #bot #bots #fraud
  • New.

    Uncategorized infosec threatresearch phishing cybercrime
    1
    0 Votes
    1 Posts
    0 Views
    aakl@infosec.exchangeA
    New. Sekoia: New widespread EvilTokens kit: device code phishing as-a-service – Part 1 https://blog.sekoia.io/new-widespread-eviltokens-kit-device-code-phishing-as-a-service-part-1/ @sekoia_io #infosec #threatresearch #phishing #cybercrime
  • 0 Votes
    1 Posts
    0 Views
    infobloxthreatintel@infosec.exchangeI
    Seeing FQDNs like "mtmoqiuq.20.218.142.124.static.hostiran[.]name" and "sgrwnbid.172-202-98-170.cloud-xip[.]com", we first thought some ASNs could be exploited similarly to the ".ARPA abuse" we described in one of our recent blogs. Turns out we were overthinking it... This kind of "DNS abuse" is so straightforward... We're not sure it qualifies as DNS abuse...
    Here is what is going on: Whatever IP address you prepend to "static.hostiran[.]name" creates a hostname which resolves to this IP... That is it! Same goes for cloud-xip[.]com!
    We've seen these kinds of hostnames a lot in SPAM emails recently, like the one we screenshot below which loads an image from a CDN as a giant hyperlink. We aren't sure why malicious SPAM actors bother to use this trick in their email links... If they control an IP, they can use it directly in URLs. They don't need a domain name!? And it isn't like this bypasses a firewall... If their IP is blocked, queries to those FQDNs will be too...
    Our best guesses are that:
    - Using hostnames rather than IPs helps them bypass SPAM email detection?
    - And / or it enables them to create "subdomains", which they seem to be doing to track something, either SPAM campaigns, or their victims.
    Technically, this could be used to create lookalike FQDNs. Those examples look like random subdomains, but literally anything can be prepended to the IP, so the only limit is your imagination! Not the most convincing lookalike by any means... but we've seen worse!
    Here is an example of how this can be abused to both load content from literally any IP, and create low quality lookalikes:
    https://urlscan.io/result/019d1b3d-b94e-70f9-aae7-ecf5a02e3c89/
    #dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #spam #scam
  • New.

    Uncategorized infosec fraud android google cybercrime
    1
    0 Votes
    1 Posts
    0 Views
    aakl@infosec.exchangeA
    New. "A tool once associated with social media automation has developed into infrastructure supporting financial crime."
    Group-IB: Cloud Phones: The Invisible Threat https://www.group-ib.com/blog/cloud-phones-invisible-threat/
    More:
    Infosecurity-Magazine: Cloud Phones Linked to Rising Financial Fraud Threat https://www.infosecurity-magazine.com/news/cloud-phones-financial-fraud/
    #infosec #fraud #Android #Google #cybercrime
  • 0 Votes
    1 Posts
    0 Views
    infobloxthreatintel@infosec.exchangeI
    Dios mio! While researching a particular type of Colombian folk music, we stumbled across a .edu domain selling... accordions? Our first thought was potentially domain hijacking, but it appears to be more likely an exploitation of CVE-2026-27210 (TLDR; cross-site scripting). While the vulnerability has been patched in the plugin itself, not all pages have updated their plugins, and search engines have already indexed the poisoned pages! Pivoting led to 50+ additional domains found spread across three risky TLDs: .sbs, .pics, and .shop. The domains on .sbs and .pics appear to be config servers to exploit the vulnerability; the domains on .shop are the landing pages where victims can be scammed.
    #dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam #seo_poisoning #seopoisoning
  • 0 Votes
    1 Posts
    0 Views
    securityskeptic@infosec.exchangeS
    Spam Trends: December – February 2026
    Results for spam activity for the period December 1 – January 31, 2026 are now available at Interisle's Cybercrime Information Center. They include top-20 rankings of Top-level Domains, Domain Registrars, and Hosting Operators (by ASN) and aggregate records of all operators with phishing activity.
    Overall, we saw a decline in spam figures in this reporting period, with unique domain names reported for hosting spammed content or spambots declining 36% versus the prior quarter and the number of subdomain reseller accounts reported for hosting spammed content by 30%. We cannot foresee changes in spamming tactics and how these affect resource consumption, but we’ll treat these significant reductions as a positive.
    https://interisle.substack.com/p/spam-trends-december-february-2026
    #spam #cybercrime #cybercrimeinfocenter #scam
  • 0 Votes
    2 Posts
    0 Views
    agowa338@chaos.socialA
    @heiseonline OK, now the interesting question: which profile do you have to copy, and where do you have to apply, to get additional salaries without working in a similar way? /s
  • 0 Votes
    2 Posts
    0 Views
    newsgroup@social.vir.groupN
    @heiseonline wow, that's a packed news day—love seeing the open web and new tech partnerships moving forward like this.
  • 0 Votes
    1 Posts
    0 Views
    italiannews@mastodon.ozioso.onlineI
    Corriere.it - Homepage: Truffe informatiche, il procuratore di Napoli Nicola Gratteri Live
    Cybercrime, Naples Prosecutor Nicola Gratteri Live
    #Cybercrime #NicolaGratteri https://video.corriere.it/truffe-informatiche-il-procuratore-di-napoli-nicola-gratteri-in-diretta-video/b9a9e36e-a305-435a-a727-bc7c9fa8cxlk
  • 0 Votes
    1 Posts
    4 Views
    renatomancer@vmst.ioR
    #FreedomOfInformation #FreedomOfSpeech #Dubai #cybercrime https://www.bbc.com/news/articles/c743g4yn4k8o
  • 0 Votes
    1 Posts
    0 Views
    technadu@infosec.exchangeT
    International cyber fraud group dismantled.
    • €1M stolen through phishing attacks
    • Joint operation by Germany and France
    • Suspects arrested, crypto assets seized
    • Investigation coordinated via Eurojust
    Source: https://www.eurojust.europa.eu/news/judicial-cooperation-key-arresting-leaders-online-fraud-group
    Follow @technadu for cybersecurity and cybercrime updates.
    #InfoSec #CyberCrime #Phishing
  • 0 Votes
    1 Posts
    0 Views
    heiseonline@social.heise.deH
    Worldwide Interpol strike against cybercrime: 45,000 IP addresses offline
    A large-scale international police operation targeted phishing, malware and ransomware. Numerous arrests were made.
    https://www.heise.de/news/Weltweiter-Interpol-Schlag-gegen-Cybercrime-45-000-IP-Adressen-offline-11210559.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
    #Kriminalität #Cybercrime #Journal #news
  • 0 Votes
    1 Posts
    0 Views
    tagesschau@ard.socialT
    Crime through AI: How the EU wants to take action against deepfakes
    Artificially generated images of a person, so-called deepfakes, are increasingly being used for scams. The EU wants to take action against this. One possible route: copyright law. By Jean-Marie Magro.
    https://www.tagesschau.de/ausland/europa/eu-deepfakes-100.html?at_medium=mastodon&at_campaign=tagesschau.de
    #EU #Deepfakes #Cybercrime
  • 0 Votes
    1 Posts
    0 Views
    heisec@social.heise.deH
    n8n: Attacks on vulnerability in automation tool observed
    Attacks are currently under way against a vulnerability in the automation tool n8n. Updates have been available since January.
    https://www.heise.de/news/n8n-Angriffe-auf-Sicherheitsluecke-in-Automatisierungstool-beobachtet-11208040.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
    #Cyberangriff #Cybercrime #Exploit #IT #Security #Sicherheitslücken #Updates #news
  • 0 Votes
    1 Posts
    0 Views
    heisec@social.heise.deH
    Best Western Hotels: Worldwide cyberattacks on tourism booking systems
    There are still new reports of phishing messages shortly after booking with Best Western Hotels. The cause is said to be ongoing cyberattacks.
    https://www.heise.de/news/Best-Western-Hotels-Weltweite-Cyberangriffe-auf-touristische-Buchungssysteme-11205460.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
    #Kriminalität #Cybercrime #IT #Phishing #Security #news
  • 0 Votes
    1 Posts
    2 Views
    heiseonline@social.heise.deH
    "Darknet Diaries Deutsch": Hieu - from the darknet to data dealer, part 1
    A young Vietnamese hacker wants to earn money online and ends up on the darknet. There he finds a global black market for data.
    https://www.heise.de/news/Darknet-Diaries-Deutsch-Hieu-vom-Darknet-zum-Datendealer-Teil-1-11196882.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
    #Cybercrime #Cybersecurity #Darknet #DarknetDiaries #IdentityManagement #Journal #news
  • 0 Votes
    1 Posts
    3 Views
    pitrh@mastodon.socialP
    A kiddie and their script, part N of N!
    Mar 9 17:54:52 skapet sshd-session[97161]: Failed password for invalid user %company% from 20.83.3.189 port 17677 ssh2
    #scriptkiddies #sshgropers #passwordguessing #cybercrime #ssh #security
    And if you need some reading material, https://nxdomain.no/~peter/hailmary_lessons_learned.html (or g-tracked https://bsdly.blogspot.com/2013/10/the-hail-mary-cloud-and-lessons-learned.html)
  • 0 Votes
    1 Posts
    0 Views
    technadu@infosec.exchangeT
    Scammers impersonating law enforcement reportedly ran a fraud ring demanding thousands from victims under threat of arrest.
    Investigators traced Bitcoin wallets after a victim lost $79K.
    Social engineering remains one of the most effective attack vectors.
    Source: https://x.com/dom_lucre/status/2029943191022059828?s=20
    Follow @technadu for more infosec updates.
    #Infosec #CyberCrime #SocialEngineering