A federal judge sentenced two New Jersey residents to a combined 16 years in prison for operating laptop farms that enabled North Korean IT workers to pose as American employees.
The defendants pleaded guilty to conspiracy to commit wire fraud after authorities uncovered their operation, which created a deceptive front allowing foreign workers to take U.S.-based IT jobs while remaining geographically located in North Korea.
The scheme exploited demand for remote tech workers by establishing networks of laptops that facilitated identity fraud. North Korean workers used these systems to apply for and secure positions at American companies, effectively stealing jobs and wages while potentially exposing employers to security risks.
The US Department of Justice pursued the case as part of broader efforts to combat sanctions evasion and fraudulent employment schemes tied to state-sponsored actors. North Korea actively generates revenue through IT workers who operate remotely for foreign companies, circumventing international sanctions.
This case highlights growing concerns about remote work vulnerabilities and the need for stricter verification processes in hiring. It also underscores law enforcement focus on domestic actors facilitating illicit foreign employment networks.
Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.
Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.