The Record

A prominent hacking operation known as RomCom and a lesser-known group tracked as Paper Werewolf or Goffee each exploited a zero-day vulnerability in WinRAR software this summer, researchers said.

In a statement on Monday, Finland’s National Prosecution Authority said they had brought aggravated criminal mischief and aggravated interference with communications charges against the three senior officers aboard the Eagle S, a tanker registered in the Cook Islands.

Although the U.K.’s High Court of Justice dismissed the foundation’s challenge, it said it would revisit the case if the organization was classified as category 1 by Ofcom — the country’s communications regulator — later this year.

The winner announced on Friday at the DEF CON cybersecurity conference, known as Team Atlanta, is composed of tech experts from Georgia Tech, Samsung Research, the Korea Advanced Institute of Science & Technology (KAIST) and the Pohang University of Science and Technology (POSTECH).

Embargo started to draw scrutiny in late 2024, just a few months after BlackCat’s leaders appeared to conduct an exit scam on affiliates.

Critics from press freedom groups say member states have not taken steps to give the law any teeth.

The statement followed a Wednesday report from Politico revealing a major hack of the courts’ case filing system which officials feared exposed the identities of confidential informants in criminal cases.

A North Korean state-linked hacking group known for spying added some "newly observed" ransomware to its kit in a campaign targeting South Koreans, researchers said.

Two weeks ago, the ransomware gang’s darknet extortion sites were seized in an operation involving police from more than nine countries including Germany, France and the United Kingdom.

The plaintiffs argued that a 2017 rules change enabling law enforcement to use spyware to eavesdrop on encrypted chats and messaging platforms could unfairly expose communications belonging to people who are not criminal suspects.

Organizations with on-premises Microsoft Exchange servers are being urged to take steps to reduce exposure to a vulnerability recently reported by a researcher.

Bouygues Telecom, a large French mobile carrier, disclosed a cyberattack and data breach affecting more than 6 million customer accounts.

Fines from a state regulator pushed one car maker to improve the data privacy on its website and customer portal, and others seem to have taken notice, according to new ratings from the watchdog Privacy4Cars.

Tornado Cash cofounder Roman Storm was found guilty of conspiring to operate an unlicensed money-transmitting business, while the jury failed to reach a ruling on more significant charges around money laundering and sanctions violations.

Hackers have been sending fake summons emails purportedly from Ukrainian courts to target the country’s military and defense, cyber authorities have found.

The National Cyber Security Centre stressed that Britain was underestimating the severity of the risk to critical infrastructure from cyberattacks and provided updated guidance for operators to protect themselves.

Chukwuemeka Victor Amachukwu, 39, was extradited from France on Monday and appeared in a New York District Court on Tuesday — where he is now facing hacking, wire fraud and identity theft charges that will lead to decades-long sentences if he is convicted.

Windows spyware tracked as DevilsTongue — a product of the company Candiru — is likely still active, with clusters appearing in Hungary and Saudi Arabia, researchers said.

The Click Here podcast talked with DEF CON and Black Hat founder Jeff Moss ahead of this year's events in Las Vegas.

A broad range of personal and health data was exposed in an April ransomware attack on dialysis provider DaVita, the company said in notices filed in several states.