:

POLICE TAKE DOWN 'FIRST VPN' USED IN RANSOMWARE ATTACKS

SECURITY DESK2 MIN READ
THU, MAY 21, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Law enforcement has seized the 'First VPN' service in an international operation. The platform was actively used by cybercriminals to conduct ransomware and data theft campaigns.

A virtual private network service called 'First VPN' has been taken offline following a coordinated international law enforcement action. The VPN provider facilitated ransomware attacks and data theft operations by masking the digital footprints of threat actors. The takedown involved multiple jurisdictions working together to disrupt the service's infrastructure. First VPN allowed attackers to anonymize their activities while penetrating networks, deploying ransomware, and exfiltrating sensitive data from victims across multiple sectors. Investigators identified the service as a key tool in numerous high-profile cyber incidents. By removing First VPN from operation, authorities aim to disrupt the attack chains used by criminal groups and raise the operational costs for conducting cyberattacks. The seizure is part of a broader effort by international law enforcement to target the infrastructure supporting cybercrime. Recent years have seen increased focus on disrupting VPN services, hosting providers, and communication platforms that enable illegal activity. Authorities did not disclose specific details about the investigation timeline or the number of victims affected by attacks routed through First VPN. However, the operation underscores the critical role VPN services play in cybercriminal operations. The takedown also highlights ongoing challenges in combating ransomware-as-a-service operations, which have proliferated across the dark web. Criminal groups continue adapting their tactics and infrastructure to evade law enforcement. Organizations are advised to review their security logs for indicators of compromise linked to First VPN traffic patterns. The seizure does not eliminate the broader threat landscape, as other VPN services and anonymization tools remain available to threat actors.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Research reveals that terrorist group Boko Haram is leveraging advanced AI technologies to enhance operational capabilities. A new report documents how the organization has integrated frontier AI systems into recruitment, planning, and execution efforts.

JUST NOWAI Desk

Researchers have discovered six vulnerabilities in U-Boot, a bootloader used across millions of devices, that could allow attackers to execute malicious code during device startup. The flaws could enable persistent malware installation while bypassing security protections.

JUST NOWIndustry Desk

Progress Software is alerting ShareFile customers running Storage Zone Controllers to immediately shut down their servers due to a credible external security threat targeting the on-premises file-sharing platform.

1H AGOIndustry Desk

A US court sentenced Angelo Martino, a former ransomware negotiator, to 70 months in prison for colluding with the BlackCat ransomware gang to extort $75.3 million from five of his employer's clients.

1H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.