Polish authorities have arrested four members of an organized cybercrime group responsible for SIM-swapping attacks that resulted in millions in cryptocurrency theft. The gang breached telecom partners and hijacked email accounts to execute the attacks.
The arrests represent a significant operation against SIM-swapping fraud, a technique where criminals redirect phone numbers to devices under their control. This allows attackers to bypass two-factor authentication and gain access to email accounts and cryptocurrency wallets.
The gang exploited vulnerabilities in telecommunications infrastructure to intercept and redirect victims' SIM cards. Once they gained control of phone numbers, they could reset passwords and transfer digital assets from target accounts.
SIM-swapping has emerged as a prevalent threat in the cryptocurrency space. Victims often report losses in the hundreds of thousands of dollars, with some cases involving multi-million dollar thefts.
The investigation involved coordination between Polish law enforcement and telecom security teams. Authorities seized devices and digital evidence during the operation. The case highlights ongoing vulnerabilities in mobile carrier security protocols and the need for stronger authentication measures beyond SMS-based verification.
Market research firm Klue says the original hackers are deleting stolen customer data, but a second hacking group is now demanding ransom from the company.
Prediction market platform Polymarket disclosed a security breach where hackers stole user funds through a third-party vulnerability. The company announced it will refund affected users.
Threat actors are exploiting Shopify's Shop order-tracking app by injecting fake purchase receipts into user accounts. The attacks trick victims into revealing sensitive data or installing remote access malware.
A newly discovered macOS malware called Gaslight uses embedded fake errors and prompt injection strings to evade AI-powered malware analysis systems. The technique represents a new approach to defeating automated security tools.