
Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

News Summary

Last updated: 17:45 23/03/2026 UTC
  • VoidStealer infostealer implements hardware breakpoint technique to extract Chrome v20_master_key A new infostealer named VoidStealer has been observed in the wild using a hardware-breakpoint technique to bypass Chrome's Application-Bound Encryption (ABE) and extract the v20_master_key directly from browser memory. The malware works on a suspended Chrome process: it attaches to it as a debugger and sets hardware breakpoints on specific instructions in Chrome's DLLs so that the plaintext master key can be captured at the moment the browser decrypts it during startup. Because the method needs neither privilege escalation nor code injection, it is stealthier than prior ABE bypasses. VoidStealer, sold as malware-as-a-service since at least December 2025, is the first infostealer confirmed to use this technique in the wild, though it appears to be derived from ElevationKatz, part of the open-source ChromeKatz toolset.
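The VoidStealer entry above describes a technique that injects no code and needs no elevation, so the usual injection telemetry (remote thread creation, image loads) never fires. What cannot be avoided is the handle: to place hardware breakpoints and read the decrypted key, the stealer must open chrome.exe with memory read/write rights, and in the described flow the same process also created that chrome.exe instance. The detector below is an added example, not code from the page, from VoidStealer, or from the ChromeKatz project. It assumes Sysmon telemetry (Event ID 1 ProcessCreate, Event ID 10 ProcessAccess) exported as dicts with Sysmon's field names; the events it runs on are constructed, the paths and GUIDs are placeholders, and the parent allowlist is a tuning assumption.

```python
"""Detection sketch for the VoidStealer pattern: a process creates chrome.exe,
then opens it with the memory-access rights a debugger needs.

Added example (not from the page, VoidStealer, or ChromeKatz). Assumes Sysmon
Event ID 1 / Event ID 10 records as dicts with Sysmon field names; the sample
events below are constructed, not real telemetry.
"""
from __future__ import annotations

from typing import Iterable

# Win32 process access rights (documented constants from winnt.h).
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
# Placing breakpoints and reading the decrypted key needs read/write access to
# the target's memory; DebugActiveProcess needs PROCESS_ALL_ACCESS, a superset.
DEBUG_GRADE_RIGHTS = PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE

# Assumption (tune per fleet): parents that normally launch chrome.exe.
EXPECTED_CHROME_PARENTS = {"chrome.exe", "explorer.exe"}


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events: Iterable[dict]) -> list[dict]:
    """Return one alert per suspicious event. Rules, weakest to strongest:
      chrome_unexpected_parent  chrome.exe created by a non-allowlisted parent
      chrome_memory_access      non-Chrome process opened chrome.exe with
                                VM_OPERATION|VM_READ|VM_WRITE
      chrome_spawn_and_debug    the opener is the process that created that
                                chrome.exe instance (create suspended, attach)
    Events must be in time order for the spawn/open correlation to work."""
    spawned_by: dict[str, str] = {}  # chrome ProcessGuid -> ParentProcessGuid
    alerts: list[dict] = []
    for ev in events:
        event_id = int(ev["EventID"])
        if event_id == 1 and _basename(ev["Image"]) == "chrome.exe":
            spawned_by[ev["ProcessGuid"]] = ev["ParentProcessGuid"]
            if _basename(ev["ParentImage"]) not in EXPECTED_CHROME_PARENTS:
                alerts.append({"rule": "chrome_unexpected_parent",
                               "source": ev["ParentImage"],
                               "target_guid": ev["ProcessGuid"]})
        elif event_id == 10 and _basename(ev["TargetImage"]) == "chrome.exe":
            if _basename(ev["SourceImage"]) == "chrome.exe":
                continue  # Chrome's own processes open each other routinely
            granted = int(ev["GrantedAccess"], 16)
            if granted & DEBUG_GRADE_RIGHTS != DEBUG_GRADE_RIGHTS:
                continue  # e.g. 0x1000 QUERY_LIMITED_INFORMATION is benign
            rule = "chrome_memory_access"
            if spawned_by.get(ev["TargetProcessGUID"]) == ev["SourceProcessGUID"]:
                rule = "chrome_spawn_and_debug"
            alerts.append({"rule": rule, "source": ev["SourceImage"],
                           "target_guid": ev["TargetProcessGUID"],
                           "granted": hex(granted)})
    return alerts


CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
DROPPER = r"C:\Users\alice\AppData\Local\Temp\update.exe"  # hypothetical path

# Constructed sample telemetry (GUIDs are placeholders).
SAMPLE_EVENTS = [
    # Normal launch from the shell.
    {"EventID": 1, "Image": CHROME, "ParentImage": r"C:\Windows\explorer.exe",
     "ProcessGuid": "{G-CHROME-1}", "ParentProcessGuid": "{G-EXPLORER}"},
    # Benign handle from a system process with query-only rights.
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": CHROME, "SourceProcessGUID": "{G-CSRSS}",
     "TargetProcessGUID": "{G-CHROME-1}", "GrantedAccess": "0x1000"},
    # Stealer pattern: unknown binary creates chrome.exe, then opens it with
    # full access in order to attach as a debugger.
    {"EventID": 1, "Image": CHROME, "ParentImage": DROPPER,
     "ProcessGuid": "{G-CHROME-2}", "ParentProcessGuid": "{G-DROPPER}"},
    {"EventID": 10, "SourceImage": DROPPER, "TargetImage": CHROME,
     "SourceProcessGUID": "{G-DROPPER}", "TargetProcessGUID": "{G-CHROME-2}",
     "GrantedAccess": "0x1FFFFF"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Two tuning caveats: the unexpected-parent rule alone is noisy, because any application that opens a URL via the shell becomes Chrome's parent; it is the correlation with a subsequent high-rights ProcessAccess from that same parent that is rare. Conversely, EDR agents, crash reporters and some AV engines legitimately open browsers with VM_READ, so allowlist those by signed image path rather than loosening the access mask.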
Last updated: 12:30 23/03/2026 UTC
  • Windows 11 Access Denied Issue on Samsung Laptops Microsoft and Samsung have released recovery guidance to resolve persistent Windows C:\ drive access issues affecting Samsung laptops running Windows 11 versions 25H2 and 24H2. Users experiencing 'Access denied' errors, app failures, or permission-related problems must follow a 29-step procedure to restore default Windows permissions and uninstall the Samsung Galaxy Connect app. The fix reinstates TrustedInstaller ownership of the C:\ drive and normalizes system behavior without modifying personal files. Affected users are advised to contact Samsung Support if issues persist after applying the update.
  • Vidar 2.0 Infostealer Emerges as Lumma Stealer Declines Vidar 2.0 has expanded its operations through malvertising campaigns leveraging fake game cheats distributed on GitHub and Reddit. Hundreds of GitHub repositories are being used to deliver the infostealer, with Reddit posts promoting Counter-Strike 2 cheats that redirect to malicious sites. The campaigns employ sophisticated loaders with PowerShell scripts and obfuscated AutoIt payloads, alongside evasion techniques such as Defender exclusions, Themida packing, and Telegram/Steam dead-drop C2 resolvers. The infostealer, first announced on October 6, 2025, by developer "Loadbaks," has evolved into a stealthier and more capable threat with multithreaded execution, polymorphic builds, and advanced anti-analysis features. Its rising adoption follows law enforcement disruption of rival infostealers Lumma and Rhadamanthys, reshaping the infostealer landscape.
  • ThreatsDay Bulletin: Emerging Cyber Threat Trends The ThreatsDay Bulletin continues to highlight the accelerating pace of cyber threats, where attackers rapidly adapt to infrastructure shifts and refresh social-engineering lures to exploit familiar systems. Recent developments include targeted exploitation of Fortinet FortiGate devices via Ransomware-as-a-Service (RaaS), active abuse of Citrix ADC/Gateway vulnerabilities in production environments, widespread misuse of Microsoft Configuration Manager (MCP) for lateral movement and data theft, and weaponized LiveChat integrations in phishing campaigns. These trends reflect a broader pattern of quiet, cumulative exposure in which small tactical changes accumulate undetected until they surface as major incidents, underscoring the need for continuous monitoring and adaptive defense.
  • SonicWall MySonicWall Breach Exposes Firewall Configuration Files Marquis Software Solutions has confirmed that its August 2025 ransomware attack exposed the personal and financial data of 672,075 individuals, including names, Social Security numbers, Taxpayer Identification Numbers, and financial account details, after threat actors used firewall configuration files stolen in the breach of SonicWall's MySonicWall cloud backup service. The company, which serves more than 700 U.S. banks and credit unions, completed its forensic review in December 2025 and began notifying affected individuals in March 2026; it now faces over 36 consumer class-action lawsuits and has itself sued SonicWall for alleged gross negligence and misrepresentation. Marquis alleges that a February 2025 change to SonicWall's API code introduced the vulnerability, that SonicWall delayed disclosure by three weeks, and that it understated the breach's scope (initially claiming fewer than 5% of customers were affected, later confirmed as 100%). The SonicWall incident, which came to light in September 2025, involved attackers accessing the MySonicWall portal and obtaining AES-256-encrypted credentials, network topology details, and MFA recovery codes for all cloud backup users. That data fueled follow-on attacks, including the Marquis breach and Akira ransomware campaigns that bypassed MFA using stolen OTP seeds. SonicWall worked with Mandiant to attribute the breach to state-sponsored actors and released remediation tools, but more than 950 unpatched SMA1000 appliances remain exposed online. The Marquis lawsuit, which seeks damages, indemnification, and legal fees, could set a precedent for vendor liability as enterprises increasingly pursue cybersecurity providers for contribution or negligence in third-party breaches. CISA and SonicWall continue to urge firmware updates, credential resets, and MFA enforcement to mitigate the ongoing risk.
  • Privilege Escalation Vulnerability in Linux Kernel Exploited in Ransomware Attacks A high-severity privilege escalation flaw in the Linux kernel's nf_tables subsystem, CVE-2024-1086, is being exploited in ransomware attacks. The bug was introduced in February 2014, disclosed and fixed in January 2024, and lets an attacker with local access escalate to root; it affects multiple major distributions, including Debian, Ubuntu, Fedora, and Red Hat. CISA confirmed its use in ransomware campaigns and added it to the Known Exploited Vulnerabilities (KEV) catalog in May 2024, ordering federal agencies to remediate by June 20, 2024. Where the kernel cannot be updated, mitigations include blocking the 'nf_tables' module, restricting access to user namespaces (which an unprivileged user would otherwise use to obtain the CAP_NET_ADMIN needed to reach nf_tables), or loading the Linux Kernel Runtime Guard (LKRG) module. Separately, the Qualys Threat Research Unit disclosed nine 'confused deputy' vulnerabilities, codenamed CrackArmor, in the kernel's AppArmor module. Present since 2017 and affecting kernels from version 4.11 onward, they let unprivileged local users manipulate AppArmor security profiles and thereby bypass kernel protections, escalate to root, cause denial of service, and undermine container isolation guarantees. Major distributions including Ubuntu, Debian, and SUSE are affected, with over 12.6 million enterprise Linux systems estimated to be exposed. Qualys has developed proof-of-concept exploits but has not released them publicly.
  • Optimizely Data Breach After Vishing Attack An ongoing wave of vishing-led breaches attributed to ShinyHunters has claimed a new victim: Aura, a digital safety firm. The attack exposed contact details of nearly 900,000 individuals, stemming from a marketing tool inherited in a 2021 acquisition. ShinyHunters claimed the theft of 12GB of files containing PII and corporate data, releasing it after failed extortion attempts. The company emphasized that no SSNs, passwords, or financial data were compromised and is conducting an internal review with law enforcement involvement. Earlier in February, Optimizely disclosed a similar breach following a voice phishing attack that compromised basic business contact information. Both incidents underscore the continued exploitation of vishing tactics by ShinyHunters to gain initial access to organizations, with impacts focused on contact data rather than deeper system compromise.
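The CVE-2024-1086 entry above lists three stop-gap controls (block nf_tables, restrict user namespaces, load LKRG) but a host often has only some of them, and the module check is easy to get wrong: a modprobe.d "blacklist" line does not stop a kernel-requested load, and an "install ... /bin/false" line does not unload a module that is already resident. The script below is an added example, not code from the page, from any distribution, or from the LKRG project. It reads the live /proc and /etc paths when run on a Linux host, but its parsers take file contents as strings so they can be exercised on the constructed samples in the block; the sysctl names are the mainline user.max_user_namespaces and the Debian/Ubuntu-only kernel.unprivileged_userns_clone.

```python
"""Posture check for the CVE-2024-1086 stop-gaps: can an unprivileged local
user reach nf_tables, and is LKRG present?

Added example (not from the page, a distribution, or LKRG). Parsers take file
contents as strings; check_host() reads the real files on Linux. This does not
replace a kernel update; it only tells you whether the stop-gaps are in place.
"""
from __future__ import annotations

import glob
import re


def loaded_modules(proc_modules: str) -> set[str]:
    """Module names from /proc/modules (first whitespace-separated column)."""
    return {line.split()[0] for line in proc_modules.splitlines() if line.strip()}


def install_blocked_modules(modprobe_conf: str) -> set[str]:
    """Modules neutralised with 'install <name> /bin/false' (or /bin/true).

    A plain 'blacklist <name>' line only stops alias-based autoloading; the
    'install' override is what makes modprobe refuse the module outright.
    """
    blocked: set[str] = set()
    for line in modprobe_conf.splitlines():
        m = re.match(r"\s*install\s+(\S+)\s+/bin/(?:false|true)\b", line)
        if m:
            blocked.add(m.group(1).replace("-", "_"))
    return blocked


def assess(modules: set[str], blocked: set[str],
           max_user_namespaces: int | None,
           unprivileged_userns_clone: int | None) -> dict[str, bool]:
    """Boolean findings. The exploit needs CAP_NET_ADMIN to talk to nf_tables,
    which an unprivileged user obtains by creating a user namespace, so either
    blocking the module or closing user namespaces breaks the path.
    max_user_namespaces: user.max_user_namespaces (mainline; 0 = none at all).
    unprivileged_userns_clone: Debian/Ubuntu sysctl, None when the file is absent."""
    userns_closed = max_user_namespaces == 0 or unprivileged_userns_clone == 0
    nf_tables_loaded = "nf_tables" in modules
    lkrg = any(m in ("lkrg", "p_lkrg") for m in modules)
    # Module is reachable if it is resident now or can still be autoloaded later.
    nf_tables_reachable = nf_tables_loaded or "nf_tables" not in blocked
    return {
        "nf_tables_loaded": nf_tables_loaded,
        "nf_tables_install_blocked": "nf_tables" in blocked,
        "unprivileged_userns_closed": userns_closed,
        "lkrg_loaded": lkrg,
        "mitigation_gap": nf_tables_reachable and not userns_closed and not lkrg,
    }


def _read(path: str) -> str | None:
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return None


def _int_or_none(text: str | None) -> int | None:
    return int(text.strip()) if text and text.strip().isdigit() else None


def check_host() -> dict[str, bool]:
    """Run the assessment against the live host (meaningful on Linux only)."""
    conf = "\n".join(c for c in (_read(p) for p in sorted(glob.glob("/etc/modprobe.d/*.conf"))) if c)
    return assess(
        loaded_modules(_read("/proc/modules") or ""),
        install_blocked_modules(conf),
        _int_or_none(_read("/proc/sys/user/max_user_namespaces")),
        _int_or_none(_read("/proc/sys/kernel/unprivileged_userns_clone")),
    )


# Constructed samples, not taken from a real host.
SAMPLE_PROC_MODULES = """\
nf_tables 372736 2 nft_compat,nft_chain_nat, Live 0xffffffffc0a00000
nfnetlink 20480 2 nf_tables,nft_compat, Live 0xffffffffc09f0000
ext4 1048576 1 - Live 0xffffffffc0800000
"""
SAMPLE_MODPROBE_HARDENED = "blacklist pcspkr\ninstall nf_tables /bin/false\n"

if __name__ == "__main__":
    for key, value in check_host().items():
        print(f"{key:28} {value}")
```

Note what the second sample shows: with "install nf_tables /bin/false" in place and user namespaces closed there is no gap, yet nf_tables is still reported as loaded, because the install override only affects future loads. On a host that already uses nftables (firewalld, many container runtimes) the module cannot be removed anyway, which is why closing unprivileged user namespaces is usually the control that actually breaks the exploit path until the kernel is patched.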

Latest updates


TeamPCP escalates CanisterWorm campaign with GitHub repo hijacking and Docker Hub compromise

Updated: 23.03.2026 19:40 · First: 21.03.2026 09:28 · 📰 2 src / 2 articles

TeamPCP, the cloud-focused cybercriminal group behind the CanisterWorm supply-chain attack, has escalated operations by compromising Aqua Security’s private GitHub organization (aquasec-com) to tamper with 44 repositories. Using a compromised service account ('Argon-DevOps-Mgt') with a long-lived Personal Access Token, attackers gained admin access to both public and private GitHub organizations. This access facilitated automated repository renaming, malicious Docker image uploads (tags 0.69.5 and 0.69.6 on Docker Hub), and the deployment of an infostealer via the TeamPCP Cloud stealer, which harvested GitHub tokens from CI runner environments. The initial CanisterWorm campaign involved 47 compromised npm packages leveraging ICP canisters for decentralized C2, with a self-propagating variant in @teale.io/eslint-config. The worm’s Python backdoors contacted ICP canisters every 50 minutes for dynamic payload updates, including a dormant state triggered by YouTube links. Persistence was achieved via masqueraded systemd services, and the operation was attributed to TeamPCP after they compromised Trivy scanner releases via stolen credentials. The scope includes packages in @EmilGroup, @opengov, @airtm/uuid-base32, and @pypestream/floating-ui-dom, with automated npm token harvesting enabling self-replication without user interaction.
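Both TeamPCP entries on this page (the Trivy release and GitHub Actions compromise, and the Docker Hub tag uploads above) turn on the same property: tags and branches are mutable references, so a CI job that says "@master" or pulls "image:0.69.4" silently picks up whatever the attacker last pushed under that name. A lint that fails the build on any such reference is cheap and catches the class. The script below is an added example, not code from the page, from Aqua Security, or from the Trivy project. It uses only the standard library and a line-oriented scan rather than a YAML parser, handles GitHub Actions "uses:" entries, workflow "image:" lines, "docker://" actions and Dockerfile FROM lines, and runs here on a constructed workflow in which the commit SHA and digest are placeholders, not real values.

```python
"""Lint for mutable supply-chain references in CI config: Actions not pinned
to a full commit SHA, container images without a digest.

Added example (not from the page, Aqua Security, or Trivy). Standard library
only; the sample workflow is constructed and its SHA/digest are placeholders.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
IMAGE_LINE = re.compile(r"^\s*(?:-\s*)?(?:image:|FROM)\s+['\"]?([^\s'\"#]+)", re.IGNORECASE)
STAGE_ALIAS = re.compile(r"\bAS\s+(\S+)", re.IGNORECASE)  # Dockerfile multi-stage


@dataclass(frozen=True)
class Finding:
    line: int
    ref: str
    problem: str


def check_image(ref: str) -> str | None:
    """Images must be pinned by digest: a tag like 0.69.4 can be re-pushed."""
    if ref == "scratch" or ref.startswith("$"):
        return None  # nothing to pin / value comes from a variable
    return None if "@sha256:" in ref else "image tag without @sha256 digest"


def check_uses(ref: str) -> str | None:
    """Actions must be pinned to a 40-hex commit SHA: tags and branches move."""
    if ref.startswith("./"):
        return None  # local action in the same repo, reviewed with it
    if ref.startswith("docker://"):
        return check_image(ref[len("docker://"):])
    if "@" not in ref:
        return "no ref at all (defaults to the default branch)"
    version = ref.rsplit("@", 1)[1]
    return None if FULL_SHA.match(version) else f"mutable ref '{version}'"


def scan_text(text: str) -> list[Finding]:
    """Findings for one workflow or Dockerfile, in line order."""
    findings: list[Finding] = []
    stages: set[str] = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        if m := USES_LINE.match(line):
            ref, problem = m.group(1), check_uses(m.group(1))
        elif m := IMAGE_LINE.match(line):
            ref = m.group(1)
            if s := STAGE_ALIAS.search(line):
                stages.add(s.group(1))
            if ref in stages and not STAGE_ALIAS.search(line) or ref in stages:
                continue  # FROM <earlier stage>, not an external image
            problem = check_image(ref)
        else:
            continue
        if problem:
            findings.append(Finding(lineno, ref, problem))
    return findings


# Constructed sample; the SHA and digest are placeholders, not real commits.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/example/runner:1.2.3
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - uses: ./.github/actions/setup
      - uses: aquasecurity/trivy-action@master
      - uses: docker://aquasec/trivy:0.69.4
      - uses: docker://aquasec/trivy@sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

if __name__ == "__main__":
    paths = sys.argv[1:]
    total = 0
    for path in paths:
        with open(path) as fh:
            for f in scan_text(fh.read()):
                total += 1
                print(f"{path}:{f.line}: {f.ref}: {f.problem}")
    if not paths:  # no files given: demonstrate on the constructed sample
        for f in scan_text(SAMPLE_WORKFLOW):
            print(f"sample:{f.line}: {f.ref}: {f.problem}")
    sys.exit(1 if total else 0)
```

Pinning is necessary, not sufficient: anyone who pinned the digest of the compromised 0.69.4 image was still running the malicious build. What pinning buys is a stable artifact to review and a visible diff when a tag is re-pushed, instead of a silent swap. Pair it with checksum or signature verification of release binaries, and, given that the attackers here harvested a long-lived PAT and runner-held GitHub tokens, with short-lived, narrowly scoped credentials on CI runners so that a compromised scanner cannot turn into repository admin access.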

Organizational uncertainty in incident response timelines for AI system compromises

Updated: · First: 23.03.2026 18:30 · 📰 1 src / 1 articles

A survey of over 3,400 IT and cybersecurity professionals reveals significant uncertainty in incident response capabilities for compromised AI systems. 56% of respondents lack awareness of their organization’s ability to halt AI systems during an attack, while only 32% believe they could respond within an hour. Confusion over ownership of enterprise AI applications exacerbates governance and security risks, with 20% of respondents unaware of accountability structures. Only 43% of security professionals express high confidence in their organization’s ability to investigate and explain serious AI incidents to leadership or regulators, highlighting systemic preparedness gaps.

Tycoon2FA Phishing-as-a-Service Takedown

Updated: 23.03.2026 18:05 · First: 04.03.2026 18:00 · 📰 4 src / 4 articles

Tycoon2FA, a subscription-based phishing-as-a-service (PhaaS) platform that bypassed MFA using adversary-in-the-middle techniques, resumed operations shortly after a global takedown in March 2026. Despite the seizure of over 300 domains and an initial 75% reduction in daily campaigns, the platform rapidly recovered to pre-disruption levels within days, executing at least 30 new phishing incidents. The Tycoon2FA operation, active since August 2023, offered subscription-based access for bypassing multi-factor authentication, targeting major services like Microsoft 365 and Google. It was linked to over 64,000 phishing incidents and facilitated unauthorized access to nearly 100,000 organizations globally by mid-2025. The primary operator, identified as 'SaaadFridi' and 'Mr_Xaad,' remains at large. The platform’s infrastructure relied on adversary-in-the-middle techniques, AI-generated decoy pages, and short-lived domains to evade detection, while customers employed tactics like ATO Jumping to distribute phishing URLs. The takedown involved Europol’s EC3 and law enforcement from six European countries.

Supply chain compromise in Trivy scanner triggers CanisterWorm propagation across CI/CD pipelines

Updated: 23.03.2026 17:43 · First: 23.03.2026 15:14 · 📰 3 src / 3 articles

A supply chain compromise of the Trivy vulnerability scanner, a project with over 32,000 GitHub stars and 100 million Docker Hub downloads, injected credential-stealing malware into official releases and GitHub Actions workflows and enabled the self-propagating CanisterWorm to spread across at least 100 organizations. On March 19, 2026, attackers compromised Trivy version 0.69.4, followed by the distribution of malicious Docker images through Docker Hub; further compromised versions (0.69.5 and 0.69.6) were identified on March 22, 2026, and Aqua Security's internal GitHub organization was exposed, with repositories renamed in a scripted attack. Security researchers identified indicators of compromise linked to TeamPCP's infostealer, and Aqua Security confirmed unauthorized changes during its investigation. Over the weekend of March 21–22, 2026, TeamPCP repurposed the Trivy compromise infrastructure to deploy a wiper: the payload runs only if the victim's timezone or language settings indicate Iran or a Farsi locale, and when it does it wipes the local system or, if it detects Kubernetes access, destroys data on every cluster node. The campaign was orchestrated through Internet Computer Protocol (ICP) canisters, which resist takedown attempts and alternate between serving malware and Rick Roll redirects. TeamPCP operators claim large-scale data theft from major companies, including a multinational pharmaceutical firm, and boast of a second Aqua Security compromise used to spam GitHub accounts. The group has expanded beyond credential theft into worm propagation, ransomware deployment, cryptocurrency mining, and destructive attacks on Kubernetes environments, underscoring the persistent risk in CI/CD supply chains, where a compromised security tool becomes the vector for rapid worm propagation and broader malicious activity.

High-Tech Sector Identified as Top Cyber-Attack Target for 2025, Replacing Finance

Updated: · First: 23.03.2026 17:35 · 📰 1 src / 1 articles

In 2025, the high-tech sector became the most targeted industry for cyber-attacks, comprising 17% of Mandiant’s incident response investigations, surpassing financial services which held the top position in 2023 and 2024. The shift is highlighted in Mandiant’s M-Trends 2026 Report, published on March 23, 2026. The global median dwell time for intrusions increased from 11 days in 2024 to 14 days in 2025, with North Korea-linked espionage and IT worker scam campaigns exhibiting median dwell times of 122 days. Threat actors increasingly leveraged native system functionalities and legitimate tools to evade detection while focusing on recovery denial objectives in ransomware operations.

Acceleration of initial access handoff to secondary threat groups observed in 2025 incidents

Updated: · First: 23.03.2026 17:00 · 📰 1 src / 1 articles

Analysis of 2025 incident data shows a dramatic reduction in the median time between initial system compromise and handoff to secondary threat groups, shrinking from hours to just 22 seconds. This shift reflects increased operational integration between initial access brokers and follow-on intrusion groups, with automation likely facilitating direct delivery of payloads. The trend underscores a maturing cybercrime ecosystem where access commodification and specialization accelerate attack timelines. The median dwell time for intrusions increased to 14 days in 2025, despite long-term declines over the past decade, driven in part by advanced evasion techniques attributed to North Korean cyberespionage actors and IT workers.

Varonis Atlas AI Security Platform reaches general availability with unified AI lifecycle controls

Updated: · First: 23.03.2026 16:02 · 📰 1 src / 1 articles

Varonis has launched Varonis Atlas, an end-to-end AI Security Platform designed to inventory, assess, test, govern, and monitor AI systems across enterprise environments. The platform integrates with the Varonis Data Security Platform to provide data-aware security controls for AI agents, custom LLMs, chatbots, and embedded AI across cloud, code repositories, and SaaS. Atlas addresses risks from autonomous AI actions, shadow AI, and third-party dependencies by enforcing runtime guardrails, continuous posture management, adversarial testing, and compliance automation tied to data context and real-time activity monitoring.

Microsoft Exchange Online virtual account deployment disrupts mobile and Mac client access

Updated: · First: 23.03.2026 14:17 · 📰 1 src / 1 articles

Microsoft is resolving an ongoing disruption affecting Exchange Online mailbox access via Outlook mobile and Mac desktop clients, caused by the introduction of a new virtual account in the service. Impacted users have experienced intermittent access failures since March 20, 2026. Microsoft initiated a rollback of the change as the remediation path after initial infrastructure restarts failed to resolve the issue. The outage has been classified as a service incident, a designation typically reserved for critical disruptions with measurable user impact. Microsoft has not disclosed affected regions or user counts.

Eight AWS Bedrock attack vectors enabling privilege escalation, data exfiltration, and lateral movement across cloud and on-premises systems

Updated: · First: 23.03.2026 13:55 · 📰 1 src / 1 articles

Researchers at XM Cyber identified and validated eight distinct attack vectors within AWS Bedrock environments that enable attackers to manipulate logs, hijack agents, poison prompts, redirect flows, degrade guardrails, and access downstream enterprise systems. These vectors leverage misconfigurations, excessive permissions, and insecure integrations to transform Bedrock from an AI application platform into a pivot point for data theft, lateral movement, and automated exploitation across cloud and on-premises infrastructure. The attack paths span log manipulation, knowledge base compromise (via data sources and stores), direct and indirect agent hijacking, flow injection, guardrail weakening or deletion, and prompt template poisoning. In each case, an attacker with limited privileges can escalate access to sensitive data, critical services, or administrative controls within minutes. The vectors demonstrate how Bedrock’s connectivity—while enabling powerful AI applications—also exposes the enterprise to novel attack surfaces that bypass traditional application security controls.

IRS-Themed Phishing Campaigns Deploy RMM Malware via Tax Lures

Updated: · First: 23.03.2026 12:55 · 📰 1 src / 1 articles

Threat actors leveraged tax-season urgency to distribute phishing emails impersonating the U.S. Internal Revenue Service (IRS) and other tax-related entities, targeting approximately 29,000 users across 10,000 organizations. Attackers delivered malicious payloads including legitimate Remote Monitoring and Management (RMM) tools such as ConnectWise ScreenConnect, Datto, and SimpleHelp to establish persistent access and facilitate credential harvesting, data theft, and lateral movement. Campaigns abused tax-themed lures including fake refund notices, W2 forms, IRS documents, and cryptocurrency tax forms to deceive recipients into clicking malicious links or downloading trojanized attachments. Campaigns primarily targeted U.S. organizations in financial services, technology, and retail, with a smaller subset targeting non-U.S. sectors such as manufacturing, healthcare, and higher education. The phishing infrastructure used obfuscation techniques such as Cloudflare to filter bots, typosquatting, and multi-vendor URL rewriting services to evade detection.

Interlock ransomware leverages Cisco FMC insecure deserialization zero-day (CVE-2026-20131) for root access

Updated: 23.03.2026 12:30 · First: 18.03.2026 18:00 · 📰 3 src / 3 articles

A critical insecure deserialization vulnerability in Cisco Secure Firewall Management Center (FMC) Software, tracked as CVE-2026-20131 (CVSS 10.0), is being actively exploited by the Interlock ransomware group to gain unauthenticated remote root access on unpatched systems. The flaw enables unauthenticated remote attackers to bypass authentication and execute arbitrary Java code with root privileges via crafted HTTP requests to a specific endpoint. Exploitation has been observed as a zero-day since January 26, 2026, more than a month before public disclosure and patch availability. Cisco issued its first advisory for CVE-2026-20131 on March 4, 2026, and Amazon Threat Intelligence confirmed active exploitation by Interlock starting in late January. CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and ordered federal agencies to patch by March 22, 2026, under BOD 22-01. Post-exploitation tooling includes custom JavaScript/Java RATs, PowerShell reconnaissance scripts, Linux reverse proxy configuration tools, memory-resident web shells, and ConnectWise ScreenConnect for persistence. Compromised environments are leveraged for ransomware operations and secondary monetization. AWS’s detailed analysis reveals additional post-exploitation components such as a memory-resident backdoor intercepting HTTP requests, Volatility for RAM credential parsing, and Certify for Active Directory Certificate Services misconfiguration exploitation.

Iranian Hacktivist Group Claims Wiper Attack on Stryker

Updated: 23.03.2026 11:45 · First: 11.03.2026 18:20 · 📰 6 src / 6 articles

On March 11, 2026, the Iranian hacktivist group Handala—linked to Iran’s Ministry of Intelligence and Security (MOIS)—conducted a targeted data-wiping attack against Stryker, a global medical technology company, affecting over 200,000 systems across 79 countries. The attack utilized Microsoft Intune to issue remote wipe commands, disrupting operations and sending over 5,000 workers in Ireland home. Handala claimed responsibility, citing retaliation for a U.S. missile strike, and the FBI subsequently seized two of the group’s data leak sites under a U.S. court warrant, disrupting its digital infrastructure. Stryker’s recovery efforts prioritized restoring supply-chain systems and customer orders, with no evidence of data exfiltration found by investigators (Microsoft DART and Palo Alto Unit 42). The attack was not a ransomware incident, and no malware was deployed. Handala, historically focused on Israeli targets, has expanded operations in alignment with Iranian state interests. The FBI’s latest warning highlights Handala’s use of Telegram as command-and-control infrastructure in separate malware campaigns targeting journalists, Iranian dissidents, and opposition groups worldwide, further reflecting the group’s evolving tactics and ongoing geopolitically motivated cyber activities.

Takedown of fraudulent CSAM distribution scam platform "Alice with Violence CP"

Updated: 23.03.2026 11:10 · First: 20.03.2026 19:19 · 📰 2 src / 2 articles

An international Europol-backed law enforcement operation, codenamed Operation Alice, dismantled the fraudulent dark web platform "Alice with Violence CP" and over 373,000 related sites advertising fake child sexual abuse material (CSAM) and cybercrime-as-a-service (CaaS) offerings. The takedown ran from March 9–19, 2026, and involved 22 countries, including Germany, the US, UK, and Ukraine. The platform, operated by a 35-year-old Chinese national, defrauded approximately 10,000 victims into paying between €17 and €215 in Bitcoin, extracting an estimated €345,000 ($396,000) over a six-year period (2019–2025). The scam advertised both non-existent CSAM packages and CaaS services such as stolen card data and access to compromised systems. Authorities identified 440 users in 23 countries, with over 100 under investigation for attempted CSAM purchase. Seized infrastructure included 287 servers, 105 of which were located in Germany. An international arrest warrant has been issued for the operator. The operation follows other major takedowns, including the 2024 Kidflix CSAM platform disruption, highlighting continued cross-border efforts against online child exploitation.

Russian UNC6353 Uses Coruna and Darksword iOS Exploit Kits Across iOS 13–18.7 Targeting Financial Espionage and Data Theft

Updated: 23.03.2026 10:37 · First: 04.03.2026 15:28 · 📰 10 src / 11 articles

The dual iOS exploit kit campaigns—Coruna and Darksword—continue to expand, now targeting iPhones running iOS 18.4 through 18.7 with the modular Darksword malware family. Darksword, attributed to the Russian threat actor UNC6353 alongside Coruna, chains six vulnerabilities, a mix of previously known flaws and zero-days, to achieve kernel read/write via Safari, enabling rapid exfiltration of cryptocurrency wallets, messages, location history, health data, and system credentials within seconds to minutes before self-wiping. The malware is a professionally engineered JavaScript platform with three documented payload families (GHOSTBLADE, GHOSTKNIFE, GHOSTSABER) used by multiple actors—UNC6353, UNC6748, and Turkish vendor PARS Defense—across Saudi Arabia, Turkey, Malaysia, and Ukraine since at least November 2025. Darksword’s OPSEC failures and use of watering hole attacks mirror Coruna’s tactics, while its ‘hit-and-run’ data theft model signals a shift toward opportunistic financial espionage. Apple has patched all exploited flaws in current iOS releases (18.7.3, 26.2, 26.3.1), and users are advised to upgrade and enable Lockdown Mode if at high risk. CISA has ordered U.S. federal agencies to patch three DarkSword-linked vulnerabilities (CVE-2025-31277, CVE-2025-43510, CVE-2025-43520) by April 3, 2026, under BOD 22-01, while urging all organizations to prioritize fixes due to active exploitation in cryptocurrency theft and cyberespionage campaigns. UNC6353 deploys both exploit kits in watering-hole attacks targeting Ukrainian e-commerce, industrial equipment, and local services websites. Prior context: The Coruna exploit kit, first observed in February 2025, targeted iOS 13.0–17.2.1 with 23 exploits across five chains, used by UNC6353 and UNC6691 in watering hole attacks on Ukrainian and Chinese crypto-related websites. CISA added three Coruna-linked vulnerabilities to its Known Exploited Vulnerabilities catalog and mandated patches by March 26, 2026.
Apple backported fixes to older devices, including iOS 15.8.7/16.7.15, addressing vulnerabilities linked to Operation Triangulation and U.S. military contractor L3Harris.

Authentication Bypass in Quest KACE SMA Exploited in the Wild to Achieve Full System Compromise

Updated: · First: 23.03.2026 08:15 · 📰 1 src / 1 articles

Threat actors are actively exploiting CVE-2025-32975, a maximum-severity authentication bypass vulnerability in Quest KACE Systems Management Appliance (SMA), to gain administrative control over unpatched internet-exposed systems. The flaw enables attackers to impersonate legitimate users without valid credentials, leading to full system takeover. Observed activity began the week of March 9, 2026, and includes lateral movement, credential harvesting, and persistence mechanisms. The vulnerability was patched by Quest in May 2025, but unpatched systems remain at critical risk.

VoidStealer infostealer implements hardware breakpoint technique to extract Chrome v20_master_key

Updated: · First: 22.03.2026 16:32 · 📰 1 src / 1 articles

A new infostealer malware named VoidStealer has been observed in the wild using a novel hardware breakpoint-based technique to bypass Chrome’s Application-Bound Encryption (ABE) and extract the v20_master_key directly from browser memory. The malware leverages a suspended Chrome process, attaches as a debugger, and sets hardware breakpoints on specific DLL instructions to capture the plaintext master key during browser startup decryption operations. This method does not require privilege escalation or code injection, making it stealthier than prior bypasses. VoidStealer, offered as malware-as-a-service since at least December 2025, is the first infostealer confirmed to use this technique in the wild, though it appears to be derived from the open-source ChromeKatz toolset ElevationKatz.

RSAC Innovation Sandbox 2026 showcases AI-native cybersecurity startups

Updated: · First: 22.03.2026 13:40 · 📰 1 src / 1 articles

All ten finalists in the 2026 RSAC Innovation Sandbox integrate AI into their core cybersecurity offerings, highlighting the technology’s dominance in addressing challenges such as social engineering, identity management, governance, and code review. The competition, held annually at the RSA Conference, selects startups with products launched between December 2024 and December 2025, original problem-solving approaches, and under $5 million in revenue, providing each finalist with a $5 million uncapped SAFE investment. Each finalist specializes in distinct AI-driven solutions, including conversational AI for social engineering defense, AI-native code security engines, compliance tracking in CI/CD pipelines, and governance platforms for AI agents.

Tag poisoning in Trivy GitHub Actions repositories delivers cloud-native infostealer payload

Updated: 21.03.2026 19:30 · First: 20.03.2026 19:47 · 📰 2 src / 2 articles

Attackers compromised two official Trivy-related GitHub Actions repositories—aquasecurity/trivy-action and aquasecurity/setup-trivy—and backdoored Trivy v0.69.4 releases, distributing a Python-based infostealer that harvests wide-ranging CI/CD and developer secrets. The payload executes in GitHub Actions runners and Trivy binaries, remaining active for up to 12 hours in Actions tags and three hours in the malicious release. The actors leveraged compromised credentials from a prior March incident and added persistence via systemd services, while also linking to a follow-up npm campaign using the CanisterWorm self-propagating worm. The incident traces to a credential compromise initially disclosed in early March 2026, which was not fully contained and enabled subsequent tag and release manipulations. Safe releases are now available and mitigation includes pinning Actions to full SHA hashes, blocking exfiltration endpoints, and rotating all affected secrets.

Android Advanced Flow mechanism introduced for secure APK sideloading of unverified applications

Updated: · First: 21.03.2026 16:18 · 📰 1 src / 1 articles

Google is introducing Advanced Flow, a one-time, multi-step process for Android power users to sideload APKs from unverified developers while reducing the risk of malware or scam installations. Scheduled for an August rollout, the mechanism requires users to enable Developer Mode, confirm they are not under coercion, restart and reauthenticate, wait 24 hours, and then verify legitimacy before installing unverified apps. A persistent warning will be displayed during and after installation. The initiative aims to balance Android’s openness with enhanced protection against social engineering tactics that exploit urgency to bypass security controls. Global financial losses from scams exceeded $442 billion in the prior year, according to the Global Anti-Scam Alliance (GASA).

Abuse of Microsoft Azure Monitor alerting system in callback phishing campaigns

Updated: · First: 21.03.2026 16:09 · 📰 1 src / 1 articles

Threat actors are abusing Microsoft Azure Monitor’s alerting functionality to deliver callback phishing emails that impersonate Microsoft Security Team billing alerts. The emails are sent via Azure’s legitimate platform using the [email protected] address and pass SPF, DKIM, and DMARC checks, increasing their credibility. Attackers craft alerts with phishing messages in the description field, targeting users with fake unauthorized charge warnings to prompt urgent callback to fraudulent support numbers. The campaign leverages easily triggered alert rules tied to billing, invoice, payment, and resource-related events, forwarding emails to victim lists while preserving original Microsoft headers and authentication results to bypass spam filters.

Active Spyware Campaigns Targeting High-Value Signal and WhatsApp Users

Updated: 21.03.2026 15:17 · First: 25.11.2025 08:42 · 📰 8 src / 12 articles

The FBI has directly attributed ongoing Signal and WhatsApp phishing campaigns to Russian Intelligence Services-affiliated threat actors, confirming the compromise of thousands of accounts globally and emphasizing that the attacks primarily target high-value individuals such as current and former U.S. government officials, military personnel, political figures, and journalists. The campaign bypasses end-to-end encryption by hijacking accounts through sophisticated social engineering, including impersonating support services and tricking users into sharing verification codes or scanning malicious QR codes to link attacker-controlled devices to accounts. The campaign was first flagged by CISA in late 2025 and has since been confirmed by German, Dutch, and now U.S. intelligence agencies. Targets include high-ranking politicians, military officers, diplomats, and investigative journalists across Germany and Europe, with additional confirmed targeting in the U.S. and other regions. Attackers gain access to private messages, contact lists, and group chats, enabling them to impersonate victims and launch further phishing campaigns. Signal has emphasized it will never initiate contact to request verification codes or PINs, and both Signal and WhatsApp users are advised to regularly review linked devices and avoid sharing verification codes. Russia-aligned threat clusters such as Star Blizzard, UNC5792 (aka UAC-0195), and UNC4221 (aka UAC-0185) have been associated with similar tactics, and the FBI’s attribution underscores the state-sponsored nature of these operations targeting sensitive communications. French authorities have also warned of a surge in similar campaigns targeting government officials, journalists, and business leaders. 
Recent FBI and CISA guidance clarifies that victims who share verification codes lose account access while attackers gain monitoring and impersonation capabilities, whereas those who scan malicious QR codes enable attackers to link devices and silently access all past and future messages without the victim losing access unless explicitly removed from the app settings.

Critical unauthenticated RCE vulnerability in Oracle Identity Manager and Web Services Manager patched

Updated: 21.03.2026 12:24 · First: 20.03.2026 20:48 · 📰 2 src / 2 articles

Oracle released an emergency security update addressing CVE-2026-21992, a critical unauthenticated remote code execution (RCE) vulnerability affecting Oracle Identity Manager and Oracle Web Services Manager. The flaw, with a CVSS v3.1 score of 9.8, allows remote exploitation over HTTP without authentication or user interaction, posing significant risk to exposed enterprise systems. Affected versions include Oracle Identity Manager 12.2.1.4.0, 14.1.2.1.0, and Oracle Web Services Manager 12.2.1.4.0, 14.1.2.1.0. Oracle strongly recommends immediate patching due to the vulnerability's low attack complexity and potential for widespread exploitation. The NIST NVD characterizes the flaw as "easily exploitable" and warns it may lead to full compromise of susceptible instances. As of this update, Oracle has not observed active exploitation of CVE-2026-21992 in the wild, though CISA previously added a similar Oracle Identity Manager pre-authenticated RCE flaw (CVE-2025-61757, CVSS 9.8) to its Known Exploited Vulnerabilities (KEV) catalog in November 2025, underscoring the pattern of high-risk, pre-auth RCE flaws in these products.

CISA Adds Apple WebKit, Kernel, Craft CMS, and Laravel Livewire Flaws to KEV Catalog

Updated: · First: 21.03.2026 10:25 · 📰 1 src / 1 articles

CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on March 21, 2026, requiring federal agencies to patch them by April 3, 2026. The vulnerabilities include three Apple issues (CVE-2025-31277, CVE-2025-43510, CVE-2025-43520), a critical Craft CMS flaw (CVE-2025-32432), and a Laravel Livewire issue (CVE-2025-54068), all under active exploitation. The Apple flaws are linked to the DarkSword iOS exploit kit, while the Craft CMS and Laravel Livewire bugs are tied to campaigns by MuddyWater and other threat actors. Exploitation of CVE-2025-32432 as a zero-day since February 2025 has been attributed to intrusion set Mimo (aka Hezb), deploying cryptocurrency miners and residential proxyware. CVE-2025-54068 is associated with Iranian state-sponsored group MuddyWater (aka Boggy Serpens), which has targeted diplomatic, energy, maritime, and financial sectors globally.

Beast Ransomware Group's Toolset Disclosed via Misconfigured Server in German Cloud

Updated: · First: 20.03.2026 18:31 · 📰 1 src / 1 articles

A misconfigured server hosted by a German cloud provider was discovered containing the complete toolset of a Beast ransomware group affiliate, exposing the group's tactics, techniques, and procedures (TTPs). The server contained reconnaissance, network mapping, credential theft, exfiltration, persistence, and lateral movement tools. Analysis of the toolset reveals significant overlap with other ransomware gangs, including the use of dual-use utilities such as AnyDesk, Mega, and batch scripts aimed at disrupting backups and security processes. The exposure provides defenders with actionable intelligence on mitigations and detection strategies against ransomware operations.

Langflow unauthenticated RCE vulnerability (CVE-2026-33017) exploited within 20 hours of disclosure

Updated: 20.03.2026 17:15 · First: 20.03.2026 12:20 · 📰 2 src / 2 articles

Within 20 hours of the public disclosure of an unauthenticated remote code execution vulnerability in Langflow (CVE-2026-33017), threat actors began exploiting exposed instances to execute arbitrary Python code, harvest credentials, and potentially compromise connected databases and software supply chains. The vulnerability, assigned a CVSS score of 9.3, requires no authentication and can be triggered via a single HTTP POST request to the /api/v1/build_public_tmp/{flow_id}/flow endpoint, where attacker-controlled data is passed to an unsandboxed exec() call. The flaw affects all versions of Langflow prior to and including 1.8.1, with a fix available in development version 1.9.0.dev8. It was discovered by security researcher Aviral Srivastava and reported on February 26, 2026. Sysdig observed the first exploitation attempts within 20 hours of the March 17, 2026 advisory, despite the absence of a public proof-of-concept. Attackers rapidly progressed from automated scanning to staged payload delivery and credential harvesting, including extraction of environment variables, configuration files, and database contents. The incident underscores the accelerating timeline of vulnerability weaponization, where attackers now routinely exploit flaws within hours of disclosure, far outpacing typical patching timelines for defenders.

Iran-linked destructive cyber campaign tactics and mitigation strategies against wiper attacks

Updated: · First: 20.03.2026 16:01 · 📰 1 src / 1 articles

An Iran-linked threat cluster tracked as Handala (and Void Manticore) executed a destructive wiper campaign against Stryker in March 2026 that erased tens of thousands of devices across 79 countries, disrupting manufacturing, order processing, and logistics for a Fortune 500 medical technology vendor. Unlike financially motivated ransomware, these attacks aim to create operational chaos and real-world consequences by deploying wipers via legitimate administrative tools and tunneling mechanisms to maximize lateral movement and simultaneous wiping. The event underscores a broader shift where geopolitical conflicts increasingly translate into destructive cyber operations against critical infrastructure and supply chains, requiring defenders to prioritize containment, identity controls, and administrative-path restrictions over traditional perimeter defenses.

Android sideloading protection update introduces 24-hour delay for unverified developer installs

Updated: · First: 20.03.2026 12:57 · 📰 1 src / 1 articles

Google announced a mandatory 24-hour wait period for installing apps from unverified developers on Android as part of a new advanced flow for sideloading, effective August 2026. The policy change aims to reduce malware distribution and scams by delaying installation until users confirm intent via biometric authentication or PIN after a device restart, complicating attacker persistence. Exceptions apply to ADB-based installs and verified developer channels. The move follows Google’s 2025 developer verification mandate requiring all apps on certified Android devices to be registered by verified developers to improve threat actor identification. In parallel, Google introduced limited distribution accounts for hobbyist developers and students, enabling app sharing with up to 20 devices without government ID or fees. The update arrives amid rising Android malware threats, with 17 malware families—including new variants like SURXRAT and TaxiSpy RAT—actively targeting users in Turkey, Italy, and other regions for device takeover and financial fraud.

Increased reliance on behavioral analytics required amid AI-enabled cyber attack escalation

Updated: · First: 20.03.2026 12:00 · 📰 1 src / 1 articles

Cybercriminals are increasingly leveraging artificial intelligence (AI) to enhance phishing campaigns, automate credential abuse, and obfuscate malicious activities by mimicking legitimate user behavior, thereby evading traditional rule-based and signature-based detection mechanisms. This shift necessitates the evolution of behavioral analytics from static pattern monitoring to dynamic, identity-centric risk modeling that identifies subtle behavioral inconsistencies in real time, particularly in the context of compromised credentials and privileged access misuse. The integration of AI into attack methodologies reduces reliance on malware delivery vectors and increases the scalability and stealth of social engineering, credential abuse, and adaptive malware campaigns.

UK teens targeted by radicalization into cybercrime via toxic online ecosystems

Updated: · First: 20.03.2026 11:40 · 📰 1 src / 1 articles

The UK National Crime Agency (NCA) warns that adolescents are being systematically radicalized into cybercrime through exploitative online platforms and recommendation algorithms. The director general of the NCA, Graeme Biggar, highlighted how ‘toxic online spaces’ reshape crime by accelerating its global reach, increasing harm, and blurring boundaries between cybercrime, terrorism, and sexual exploitation. He emphasized that technology is no longer merely a tool but an active driver of criminal ecosystems, with platforms failing to address responsibility for algorithmic radicalization. Biggar also noted a rise in UK-based sophisticated social engineering attacks combining malware with human manipulation, alongside escalating investment scams, sextortion, and sadistic exploitation. Despite these threats, he cited enforcement successes such as the LockBit takedown, a 27% rise in fraud convictions, and sustained child sexual abuse arrest rates.

Guilty plea in $10M AI-generated music streaming fraud scheme

Updated: · First: 20.03.2026 11:33 · 📰 1 src / 1 articles

North Carolina musician Michael Smith pleaded guilty to orchestrating a $10M fraud scheme involving the artificial inflation of streaming royalties on major platforms including Spotify, Apple Music, Amazon Music, and YouTube Music. Using AI-generated music and automated bots, Smith bypassed anti-fraud controls by leveraging over 1,000 bot accounts and VPNs to stream songs billions of times between 2017 and 2024. The operation yielded more than $10M in illicit royalties diverted from legitimate artists and rights holders.