Policy & Government
Between May 19 and 22, Europol hosted the third and most successful operational week of Project A.S.S.E.T., bringing 31 countries and more than 40 agencies into one room to trace criminal money. The result: hundreds of bank accounts and crypto wallets identified.
Policy & Government
Dutch financial-crime investigators seized 800 servers and arrested two men tied to Stark Industries, a hosting firm researchers have long described as a bulletproof hoster. The action targets the shared infrastructure layer beneath Russian state-aligned cyber and influence operations.
Policy & Government
Canadian authorities arrested Jacob Butler, 23, of Ottawa, known online as 'Dort,' the alleged operator of the KimWolf DDoS-for-hire botnet. The US has charged him and is seeking extradition. KimWolf allegedly grew to nearly two million infected devices.
Application Security
Microsoft's Digital Crimes Unit disrupted Fox Tempest on May 19 — a malware-signing-as-a-service operation that issued over 1,000 fraudulent code-signing certificates to ransomware crews including Rhysida, Vanilla Tempest, and three Storm clusters at up to $9,500 per signed sample.
Cyber Crime
Europol and Eurojust executed Operation Endgame 2.0 May 19-22: 300+ servers dismantled, 650 domains, 20 international arrest warrants, €3.5M crypto seized across seven countries. The strategic target is the initial-access-broker layer that supplies ransomware affiliates.
Cyber Attacks
Mistral AI confirmed a codebase management breach as TeamPCP listed ~450 repositories at $25K buy-it-now, with a seven-day leak deadline.
Application Security
Three unrelated threat actors arrived at the same conclusion in March and April: the developer workstation is the best ROI beachhead. CSO Online's framing — the Developer Credential Economy — is the editorial line CISOs should adopt this quarter.
Data Breaches
Comcast just agreed to write a $117.5 million check over a vulnerability it didn't write. The Xfinity settlement is the first major Citrix Bleed bill to come due — the precedent it sets for shared customer-vendor liability is the part defenders should read twice.
Data Breaches
Odido's CEO confirmed May 12 that the Dutch telecom will not compensate 6.2 million ShinyHunters breach victims. Dutch prosecutors are investigating whether the company retained data beyond GDPR limits. The CRM compromise pattern matches the broader ShinyHunters Salesforce campaign.
Cyber Crime
A federal jury in Alexandria, Virginia convicted Sohaib Akhter on May 7, 2026 for his role in deleting roughly 96 U.S. government databases at federal contractor Opexus on the day he and his twin brother were fired in February 2025. The case is also notable for an unprecedented detail:
Fraud
404 Media's Joseph Cox published an investigation on May 7, 2026 in which he obtained, installed, and personally tested Haotian AI — a Chinese realtime deepfake software marketed to scammers — and watched a Cambodia-based operator's face shapeshift into his own during a live Microsoft Teams call. Haotian
Cyber Crime
Marlon Ferro, a 20-year-old Santa Ana, California man also known online as "GothFerrari" and "Marlo," was sentenced to 78 months in federal prison on May 7, 2026 for serving as the home-invader and money-launderer for a 14-person "Social Engineering Enterprise" that stole more than