Weekly Cyber: Shifting Threats and Tension Between Offense and Defense

Written by: Vishwa Pandagle, Cybersecurity Staff Editor

Cybercrime is increasingly intersecting with both AI misuse and child exploitation. It deepens the emotional and developmental harm faced by young victims. 

As attackers weaponize online communities and employ poetic prompts to attempt jailbreaks, defenders continue to break the dark web and close the gaps that exploit the vulnerable.

Man Behind DMSoldiersNDD Dark Web Drug Network Jailed Following ERSOU Probe

A Norfolk man running the dark web vendor DMSoldiersNDD was jailed for six-and-a-half years after an ERSOU investigation. Investigators linked him to the sale of several class A drugs using evidence on a seized laptop. His former partner, Louise Daniels, received a 12-month community order with 100 hours of unpaid work and 15 days of rehabilitation activity for money laundering.

Coupang CEO Apologizes After Ex-Employee Access Key Exposes 33M Customers

Coupang is investigating a massive data breach that exposed the personal information of 33 million South Korean customers. Authorities suspect attackers exploited authentication vulnerabilities tied to a former employee’s active access key. Police are probing server weaknesses as over 10,000 affected users prepare for a potential class-action lawsuit.

Europol Dismantles Cryptomixer Service And Seizes Twenty-Five Million Euros In Bitcoin

Authorities dismantled Cryptomixer, a laundering platform linked to over €1.3 billion in illicit Bitcoin. The Europol-backed operation seized servers, data, the service’s domain, and €25 million in cryptocurrency. The takedown removes a key tool used by ransomware groups and dark web operators.

WARP PANDA Uses vCenter, ESXi and Stolen 365 Tokens to Reach Virtual Machines

Researchers identified a WARP PANDA cyber espionage operation with deep access inside virtualized systems. The group uses advanced implants built for VMware environments, giving it covert control of vCenter and ESXi hosts. It amassed sensitive data from virtual machines and expanded into cloud platforms using stolen Microsoft 365 session tokens.

International Operation Breaks Up EUR 700 Million Crypto Fraud and Laundering Network

An international operation coordinated by Europol has dismantled a cryptocurrency fraud and laundering network that moved more than EUR 700 million. The network ran fake investment platforms supported by call centres and deceptive deepfake-driven advertising that targeted victims across Europe.

Virginia Contractors Accused Of Wiping Government Databases

The Justice Department has charged two Virginia contractors with allegedly deleting dozens of government databases after their employment ended. The indictment says the brothers accessed systems without authorization and removed data including FOIA records and investigative files.

Maryland Man with FAA Contractor Laptop Sentenced for Brokering Access to US Firms

A developer job scam exposed foreign access inside U.S. tech networks. The court sentenced a Maryland man to fifteen months for securing roles using false claims and valid documents. He passed system access to an overseas operator and tricked at least thirteen employers, including firms linked to sensitive government programs.

Leaders of ‘Greggy’s Cult’ Charged with Sexually Exploiting Children

Five men who ran an online group called “Greggy’s Cult” were charged with sexually exploiting children through Discord. Prosecutors say they produced and shared child abuse material while extorting minors and adults to perform degrading acts, including self-harm. The arrests are part of Project Safe Childhood.

Poetic Prompts Can Bypass AI Guardrails And Unlock Dangerous Instructions Across Models

A European study shows that AI chatbots can be jailbroken with poetic prompts. Researchers found that verse disguises harmful requests and bypasses guardrails across major AI systems. The method achieved high success rates even on frontier models.

Tactics that Reveal Intent and What is at Stake

Recent operations show a coordinated approach that is disrupting drug markets, laundering services, and large-scale data breaches. Law enforcement is intensifying its pressure on cybercriminal networks, successfully dismantling infrastructure and pursuing operators across borders. 

Threat actors are moving deeper into virtualized and cloud environments, using stolen tokens and hypervisor-level implants to maintain covert, long-term access. When all else fails, and when security is tightened from every technical angle, malicious actors bank on human vulnerabilities.

Insider threats are being exploited as a critical flaw, with contractors allowing foreign operators access to their devices so they could steal data and bypass security controls.

