Weekly Cybersecurity Roundup: Major Law Enforcement Takedowns, University Breaches, Deepfake Victims, and Romance Lures
This week belonged to the defenders. International law enforcement operations dismantled phishing infrastructure, cryptocurrency laundering networks, deepfake abuse platforms, and organized crime groups.
Women appeared at both ends of the threat landscape: public figures were victimized through AI-generated deepfakes, while attackers posed as women in romance lures to collect sensitive military intelligence.
Smart TV Apps Turn Devices Into AI Data Collection Proxy Nodes
Free smart TV applications are enrolling some devices into Bright Data's residential proxy network through an embedded SDK, allowing web-scraping traffic to be routed through users' internet connections. Researchers at Include Security found integrations tied to connected TV platforms and identified apps that can monetize idle devices by serving as proxy exit nodes. The traffic is used for large-scale data collection operations, including AI training pipelines that rely on residential IP addresses to avoid rate limits and detection measures.
PACER to Enforce Stronger Password Standards, Mandatory 180-Day Password Changes
The U.S. federal judiciary's Public Access to Court Electronic Records (PACER) system will begin enforcing updated password standards starting August 17, 2026. Users who have not changed their passwords within the past 18 months may be randomly selected to update their credentials, which must be 14-45 characters long and include uppercase, lowercase, and special characters. PACER will also require password changes every 180 days, with users given three opportunities to defer the update before their accounts are locked. The judiciary said the changes are intended to reduce the risk of compromised credentials and unauthorized access to court records and filing systems.
GitHub Pulls 73 Microsoft Repositories in Self-Spreading Malware Campaign
GitHub removed 73 Microsoft repositories after attackers used a previously compromised contributor account to push a malicious commit that distributed the Miasma worm. The malware was designed to steal credentials and spread through development environments, and pushing it from a trusted account allowed it to spread through trusted repositories. Attackers targeted developers using coding and AI-assisted programming tools. The affected repositories included projects tied to Azure and software development workflows.
FBI, Partners Dismantle Phishing-as-a-Service Platform
The FBI, Google, and Lumen's Black Lotus Labs disrupted Outsider, a Chinese phishing-as-a-service platform that had been active since 2023. It provided phishing kits and hosting infrastructure to cybercriminals. The platform was linked to more than 8,000 phishing domains and the theft of about 3.87 million credit cards. Authorities estimate the activity caused roughly $1.9 billion in losses worldwide. The operation seized domains, cryptocurrency, and other infrastructure and redirected thousands of phishing sites to FBI-controlled warning pages.
U.S. and France Disrupt Deepfake Pornography Sites After Italian Police Tip
The U.S. Department of Justice and Homeland Security seized the domains CFAKE.com and SOCFAKE.com, which hosted thousands of AI-generated nude and sexually explicit images of women. The sites targeted public figures, including politicians, journalists, athletes, and entertainers. Authorities said the domains violated the TAKE IT DOWN Act, a U.S. law enacted in 2025 that criminalizes harmful non-consensual sexual deepfakes. The investigation began after a tip from Italian police and expanded through cooperation with French authorities. A suspect was arrested in Nice, France, and cryptocurrency linked to the operation was seized.
Two Siblings Accused of Using Gift Card Scheme to Steal $80,000
Two Washington state siblings were charged with allegedly using a gift card sequencing scheme to steal over $80,000 from a national retailer. They loaded onto their phones gift card numbers they had never purchased and spent the balances before legitimate buyers could use them. The pair allegedly bought merchandise, returned items for cash or store credit, and resold some products. Authorities also accused them of using stolen debit cards and identity information to make fraudulent purchases. The case was investigated by the Lynnwood Police Department with support from the FBI and ATF.
Insider Pleads Guilty to Steering Intelligence Agency Contracts
A former contractor working at a U.S. intelligence agency pleaded guilty to participating in a scheme tied to government technology purchases. He used his position and access to procurement information to influence contract awards. The arrangement allegedly helped selected vendors secure government business worth millions of dollars. In return, he received over $510,000 in secret payments from those vendors. The conduct reportedly continued from 2018 until 2024 before investigators uncovered the scheme.
Europol, Kosovo, and European Partners Use Sky ECC Intelligence to Dismantle Crime Network
A three-year investigation by Europol and law enforcement agencies in Belgium, France, Kosovo, and the Netherlands used intelligence recovered from the encrypted Sky ECC platform to expose a criminal network operating across Europe. Analysts traced communications, financial flows, and criminal infrastructure linked to drug trafficking and money laundering. The intelligence helped identify key suspects and uncover assets spread across multiple jurisdictions. Five suspected leaders were arrested during raids in Kosovo. Authorities have seized assets worth around EUR 80 million.
Global Operation Dismantles Crypto Laundering Service Linked to Ransomware
A global law enforcement effort helped dismantle AudiA6, a cryptocurrency laundering service allegedly used by ransomware groups and cybercriminal networks. The service laundered more than EUR 336 million in illicit cryptocurrency between 2022 and 2025. The operation resulted in two arrests in Georgia, the seizure of over 30 servers and 25 domains, and the freezing of cryptocurrency assets. The platform enabled criminals to disguise the origins of stolen funds and cash out illicit proceeds. Authorities from Australia, Canada, France, Georgia, Germany, Iceland, Japan, Poland, Switzerland, the United Kingdom, and the United States took part in the operation.
ShinyHunters Exploits Oracle PeopleSoft Zero-Day, Targets Universities Worldwide
Google Threat Intelligence Group linked the ShinyHunters extortion group to the exploitation of a critical Oracle PeopleSoft vulnerability. The attackers targeted over 100 organizations, with nearly 70% belonging to the higher education sector. Investigators found evidence of data theft, lateral movement, and extortion activity tied to compromised PeopleSoft environments. Stolen data was published on ShinyHunters' leak site. Researchers said the activity exploited CVE-2026-35273 as a zero-day and prompted notifications to potentially affected organizations worldwide.
Students Exposed in University of Nottingham Incident Claimed by ShinyHunters
The University of Nottingham is examining a security incident that may have exposed information belonging to current and former students. The threat group ShinyHunters has listed the university on its extortion site and claims to have obtained over 40GB of data from the university's systems. Independent analysis of the leaked sample suggests the material includes personal, academic, and financial records. The case highlights the continued interest of cybercriminal groups in universities, which often hold decades of sensitive student information.
Hackers Posing as Women Target Russian Soldiers with Spyware and Telegram Theft
Researchers uncovered a cyber espionage campaign that used fake female personas to build trust with Russian military personnel online. The group, named SiribClone, allegedly approached soldiers through Telegram and other messaging platforms with offers of romance or humanitarian assistance. Victims were persuaded to install malicious apps or enter Telegram credentials into fake websites, giving attackers access to devices and accounts. Researchers said the operation deployed previously undocumented malware capable of stealing files, tracking locations, and recording conversations.
As AI Advances, the Margin for Error Shrinks
Students, public figures, software developers, government contractors, and soldiers all found themselves in the attackers' sights. Attackers found new ways to exploit trust through AI and compromised accounts. With AI vulnerability detection advancing at a rapid pace, the message is clear: AI can blur the line between innovation and risk. Organizations have little time to relax on patching and vigilance, and the need for timely patching remains unchanged.










