Find notable cyber news and cases, enriched with sources, timelines, and signals.

1Campaign-DuppyMeister ecosystem shift changes threat-actor operations

Threat Actor Meta
First reported
Last updated
Happening score
H score 22
1 unique sources, 1 articles

Summary

Hide ▲

1Campaign is a long-running cloaking service that helps operators keep malicious Google Ads online while evading researcher scrutiny and automated inspection. The service matters because it supports phishing and crypto-drainer delivery at scale, extending the life of fraudulent ads. Its filtering model lets customers target real users while suppressing scanners, cloud infrastructure, and other non-genuine traffic. That shifts the underground ad-fraud ecosystem toward more durable, harder-to-analyze abuse infrastructure.

Related Happenings

Commercial adware and traffic-attribution-fraud affiliate operation using Chrome extensions

Threat Actor Meta
H score20 First: 15.06.2026 14:07 Last: 15.06.2026 14:07 Sources 1

About this happening: Researchers found a **commercial adware** and **traffic-attribution-fraud affiliate operation** abusing **Chrome extensions** to fabricate traffic signals and monetize installs, i...

Google civil lawsuit against Outsider Enterprise

Regulatory/Legal Action
H score55 First: 14.06.2026 17:36 Last: 14.06.2026 17:36 Sources 1

About this happening: **Google** filed a **civil lawsuit** against **Outsider Enterprise**, adding legal pressure to a major **phishing infrastructure** operation that sent fraudulent texts at scale. T...

Magecart Stripe and Google Tag Manager card-skimming campaign

Campaign
H score36 First: 04.06.2026 23:47 Last: 04.06.2026 23:47 Sources 1

About this happening: The **Magecart** campaign is abusing **Stripe's API infrastructure** and **Google Tag Manager** containers to steal checkout data from **Magento/Adobe Commerce** stores. The skimm...

Underground DDoS sellers commoditize attack services with panels, API access, and reseller plans

Threat Actor Meta
H score20 First: 29.05.2026 17:32 Last: 29.05.2026 17:32 Sources 1

About this happening: Underground DDoS sellers are shifting from scattered tools to **packaged, resellable services**, lowering the barrier for disruptive attacks and widening the buyer pool. Listings...

Google expands Gemini AI for malicious ad blocking on Google Ads

Security Tool/Service
H score56 First: 16.04.2026 18:24 Last: 16.04.2026 18:24 Sources 1

About this happening: **Google** expanded **Gemini AI** use across its ad platforms to detect and block **malicious ads** in real time, reducing scam and malvertising exposure at scale. The move matter...

Timeline

  1. 24.02.2026 23:45 2 articles · 4mo ago

    1Campaign cloaking service exposed as a malicious Google Ads enabler

    Initial Disclosure

    1Campaign is a cloaking service used to keep malicious Google Ads online by filtering visitors in real time by geography, ISP, and device characteristics, showing benign white pages to security researchers and automated scanners while routing real users to attacker-controlled sites. The operation has been active for at least three years, is managed by a developer using the name DuppyMeister, provides a customer dashboard and Google Ads launcher tool, and can assign fraud-risk scores that block infrastructure associated with cloud providers such as Microsoft Corporation, Google, Tencent Cloud Computing, and OVH Hosting.

    Show sources