United States Leads Dismantlement of One of the World’s Largest Hacker

The Department of Justice announced the seizure of the LeakBase database, a major online forum for cybercriminals. Coordinated actions by law enforcement in 14 countries, including the United States, shut down the forum, seized data, and arrested individuals involved. This operation disrupts a significant platform for cybercriminals to profit from stolen data and demonstrates international cooperation in combating cybercrime.

https://www.justice.gov/opa/pr/united-states-leads-dismantlement-one-worlds-largest-hacker-forums

Inside Tycoon2FA: How a Leading AiTM Phishing Kit Operated at Scale

The article analyzes Tycoon2FA, a phishing-as-a-service platform that enabled large-scale adversary-in-the-middle (AiTM) attacks capable of bypassing multifactor authentication. It explains how the service intercepted login credentials and session cookies through proxy phishing pages that mimicked services such as Microsoft 365 and Gmail. The platform included evasion techniques and user-friendly infrastructure, enabling less-skilled attackers to run campaigns that reached hundreds of thousands of organizations each month. The article concludes with guidance on layered defenses, including improved authentication methods, phishing detection, and coordinated disruption efforts. 

https://www.microsoft.com/en-us/security/blog/2026/03/04/inside-tycoon2fa-how-a-leading-aitm-phishing-kit-operated-at-scale/

Global Phishing-as-a-service Platform Taken Down in Coordinated Public-private Action

Tycoon 2FA, a major phishing-as-a-service platform, was disrupted in a coordinated international operation led by Europol. The platform, which enabled large-scale account compromise, was taken down with the help of law enforcement and private sector partners, including Microsoft and Trend Micro. This operation highlights the importance of public-private partnerships in combating cybercrime.

https://www.europol.europa.eu/media-press/newsroom/news/global-phishing-service-platform-taken-down-in-coordinated-public-private-action

LLMs Can Unmask Pseudonymous Users at Scale With Surprising Accuracy

Large language models (LLMs) can accurately unmask pseudonymous users on social media platforms, thereby undermining the privacy afforded by pseudonymity. Researchers found that LLMs can achieve high recall and precision rates in identifying users based on their online activity, posing risks of doxxing, stalking, and targeted advertising. The study highlights the need for stronger privacy protections and suggests mitigations, such as rate limits on data access and monitoring for LLM misuse.

https://arstechnica.com/security/2026/03/llms-can-unmask-pseudonymous-users-at-scale-with-surprising-accuracy/

Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild

Indirect prompt injection (IDPI) exploits hidden instructions in web content processed by LLMs, causing unauthorized actions without direct interaction. Recent evidence shows substantial real-world malicious exploitation, including AI ad review evasion and SEO manipulation targeting phishing. 22 techniques were identified, necessitating proactive defenses against such threats. Understanding and mitigating web-based IDPI is crucial for the safety of AI systems integrated into web operations.

https://unit42.paloaltonetworks.com/ai-agent-prompt-injection/

Link11 Releases European Cyber Report 2026: DDoS Attacks Become a Constant Threat

DDoS attacks surged in 2025, with a 75% increase, becoming a constant threat to digital infrastructures in Europe. Attacks lasted up to 12,388 minutes, and follow-up incidents increased by 80%. Link11 recommends continuous DDoS protection, advanced web application security, and AI-based detection for resilience against evolving threats.

https://markets.businessinsider.com/news/currencies/link11-releases-european-cyber-report-2026-ddos-attacks-become-a-constant-threat-1035885265

New Gmail Account Attack Warning—Hackers Abuse Critical Security Check

Hackers are targeting Gmail users with a malicious fake Google Account Security Checkup tool that grants attackers access to sensitive information, including push notifications, contacts, GPS location, and clipboard contents. This attack uses deception to trick users into following prompts that compromise their account security. To protect themselves, users should only use the official Google Account Security Checkup tool through official channels, such as typing the URL directly into their browser.

https://www.forbes.com/sites/daveywinder/2026/03/01/check-your-gmail-account-security-now-ongoing-attacks-reported/

US‑Israel‑Iran Conflict May Trigger Unprecedented Cyberattacks

US-Israel-Iran tensions may lead to extensive cyberattacks disrupting critical infrastructure and financial systems. Cyberwarfare is increasingly integrated into military strategies, as past incidents demonstrate its potential for widespread damage without physical destruction. Experts warn that the ongoing conflict could escalate into coordinated attacks on various sectors, stressing the need for robust cybersecurity measures like zero-trust architecture.

https://www.khaleejtimes.com/world/asia/usisraeliran-trigger-unprecedented-cyberattacks?amp=1

Iran Cyberattack Blackout and War Risks

Iran faced a near-total internet blackout amid a cyberattack during military strikes, disrupting critical infrastructure and communication. Internet traffic dropped to 4% of normal levels as Iranian news outlets went offline and security systems failed, highlighting the integration of cyber warfare with traditional military actions. Analysts view cyberattacks as a tool for Iran to retaliate without escalating to full-scale war, presenting several potential response strategies, including cyberattacks, maritime threats, and support for militias. The incident underscores the rising importance of cybersecurity in global conflicts, and the article advises individuals to enhance personal digital security measures during such tensions.

https://cyberguy.com/news/iran-cyberattack-blackout-war-risks/

Cultivating a Robust and Efficient Quantum-safe HTTPS

Google's Chrome team is rolling out a program to implement quantum-safe HTTPS certificates using Merkle Tree Certificates (MTCs), which increase efficiency and transparency without compromising security. MTCs replace traditional certificate chains, reducing bandwidth usage while adopting post-quantum cryptography. The rollout has three phases: testing MTCs with existing certificates, inviting log operators for public MTCs, and establishing a new root store for MTCs. This initiative aims to ensure a robust, efficient, and scalable approach to enhanced web security amid evolving quantum threats.

https://security.googleblog.com/2026/02/cultivating-robust-and-efficient.html

Hacker Used Anthropic’s Claude to Steal Sensitive Mexican Data

A hacker exploited Anthropic’s AI chatbot, Claude, to breach Mexican government agencies, stealing 150 gigabytes of sensitive data, including taxpayer and voter records. The hacker used Claude to identify vulnerabilities, write scripts, and automate data theft, bypassing Claude’s guardrails by posing as a bug bounty hunter. The attack highlights the growing trend of cybercriminals using AI tools to enhance their hacking capabilities.

https://www.bloomberg.com/news/articles/2026-02-25/hacker-used-anthropic-s-claude-to-steal-sensitive-mexican-data
