- \n
- Four fraudulent call centres dismantled in Dnipro.<\/li>\n
- Experts deem AI-generated passwords unsafe.<\/li>\n
- Olympique de Marseille suffers a cyberattack.<\/li>\n
- Ukrainian faces 15 years in prison for selling fake documents.<\/li>\n<\/ul>\n<\/div>\n
Four fraudulent call centres dismantled in Dnipro\u00a0<\/h2>\n
In Dnipro, law enforcement from Ukraine and the Baltic states dismantled a large-scale fraud scheme, the SBU press centre said<\/a>.\u00a0<\/p>\n
The ringleader and 10 accomplices were detained. Over the course of a year they defrauded EU citizens of at least $1.2 million. The suspects face up to 12 years in prison with confiscation of assets.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-beb1b532ddf21ece-7428922575345069-1024x682.png\")
Source: SBU.<\/figcaption><\/figure>\n To run the scheme, the gang opened four call centres in Dnipro whose operators coaxed foreigners into investing in \u201cpromising\u201d crypto projects. They used a website that fully mimicked an exchange, showing victims fake charts of rising profits.<\/p>\n
According to law enforcement, to lull investors\u2019 suspicions the fraudsters initially paid out small real dividends. Victims then transferred larger sums to the scammers\u2019 crypto wallets.<\/p>\n
Once investments hit a certain threshold, the criminals cut off contact with victims and disappeared.<\/p>\n
Experts deem AI-generated passwords unsafe<\/h2>\n
Passwords generated by LLM<\/span>s can be cracked within hours. That was the conclusion of an experiment conducted<\/a> by Irregular\u2019s researchers.<\/p>\n
The three models tested \u2014 Claude, ChatGPT and Gemini \u2014 create passwords based on persistent patterns that attackers can exploit.<\/p>\n
Researchers asked each LLM to create a 16-character password containing uppercase and lowercase letters, digits and special symbols, and repeated the task 50 times. They checked the results with popular password-strength services, which scored them highly because the systems do not track generation patterns.<\/p>\n
Of the 50 passwords, Claude produced only 30 unique ones. Two recurred, and 18 were exact duplicates. Most shared the same first and last characters. ChatGPT and Gemini showed similar results.<\/p>\n
While testing Google\u2019s Nano Banana Pro image-generation model, researchers asked it to produce a unique password written on a sticky note. They were able to identify Gemini\u2019s patterns.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-29672c51541ba074-7428922476580289-1024x559.png\")
Source: Irregular.<\/figcaption><\/figure>\n Irregular concluded that LLM-generated strings can be cracked within hours using simple software on old hardware. The patterns they found have already seeped into public repositories, as developers widely use AI-generated strings for protection in real projects.<\/p>\n
The researchers urged developers to change all AI-generated passwords and to use dedicated solutions and password managers instead.<\/p>\n
Olympique de Marseille hit by cyberattack<\/h2>\n
On 24 February, the management of French football club Olympique de Marseille confirmed<\/a> a cyberattack after a hacker claimed a breach earlier in the month.<\/p>\n
According to BleepingComputer<\/a>, the attacker posted a sample of allegedly stolen information on a hacking forum, claiming to have taken a database with details of club employees and fans.<\/p>\n
The club gave no details of the incident, but the hacker said the stolen database includes information on 400,000 people, including:<\/p>\n
- \n
- names and addresses;<\/li>\n
- order information;<\/li>\n
- email addresses;<\/li>\n
- mobile phone numbers.<\/li>\n<\/ul>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-644ece6379b8657d-7428922409223676-1024x697.png\")
Source: BleepingComputer.<\/figcaption><\/figure>\n The attacker said the trove also contains data for more than 2,050 Drupal CMS accounts, including 34 club employees and 1,770 authors and moderators.<\/p>\n
Ukrainian faces 15 years for selling fake documents<\/h2>\n
Ukrainian national Yurii Nazarenko pleaded guilty to creating and running the OnlyFake website, the US Department of Justice said<\/a>.<\/p>\n
The platform used AI technologies to generate more than 10,000 realistic counterfeit IDs, including passports, driver\u2019s licences and US Social Security cards, as well as those of 56 other countries.\u00a0<\/p>\n
According to investigators, the service let customers customise the forgeries by choosing personal data or opting for random generation. Finished documents could appear as digital scans or photos on a table. Users\u2019 primary aim was to bypass KYC<\/span> checks at banks and crypto exchanges to launder money.<\/p>\n
In 2024, undercover FBI agents bought fake passports and ID cards on the site. Nazarenko accepted payment only in cryptocurrency and offered bulk discounts for packages of up to 1,000 documents, attempting to hide transaction trails through a network of anonymous wallets.<\/p>\n
The defendant was extradited from Romania in September 2025. He faces up to 15 years in prison. Sentencing is set for 26 June 2026.<\/p>\n
PayPal discloses data leak caused by internal error<\/h2>\n
A software bug in PayPal Working Capital, the firm\u2019s small-business lending app, exposed users\u2019 confidential information, the company said<\/a>.<\/p>\n
According to the notice, the leak began on 1 July 2025 but was discovered only on 12 December. The compromised data included:<\/p>\n
- \n
- names and email addresses;<\/li>\n
- phone numbers and work addresses;<\/li>\n
- Social Security numbers;<\/li>\n
- dates of birth.<\/li>\n<\/ul>\n
The fintech giant said it rolled back the code change that caused the issue, blocking access to the data the day after the bug was found. PayPal also recorded unauthorised transactions on some customers\u2019 accounts and has reimbursed those affected.<\/p>\n
The company reminded users it never asks for passwords or one-time codes by phone, SMS or email. According to<\/a> a PayPal spokesperson, around 100 customers were affected.<\/p>\n
Also on ForkLog:<\/p>\n
- \n
- An AI audit found<\/a> a critical bug in an Ethereum client.<\/li>\n
- Binance\u2019s leadership denied allegations of $1.7bn in transfers to Iranian entities.<\/li>\n
- ZachXBT accused<\/a> an Axiom employee of insider trading.<\/li>\n
- OpenClaw\u2019s AI agent went rogue<\/a> and deleted a Meta researcher\u2019s email.<\/li>\n
- Anthropic accused<\/a> Chinese AI labs of \u2018stealing\u2019 data.<\/li>\n
- Terra representatives blamed<\/a> Jane Street for the ecosystem\u2019s collapse.<\/li>\n
- An OpenAI employee\u2019s AI bot accidentally donated<\/a> \u2018for tetanus treatment\u2019.<\/li>\n
- Opinion: transaction simulation will help<\/a> protect crypto wallets.<\/li>\n<\/ul>\n
Weekend reading<\/h2>\n
In a new feature, ForkLog explores how the philosophical concept of biopolitics plays out in blockchain networks, why metaverses want users\u2019 biological data, and the risks of trading one\u2019s genome.<\/p>\n","protected":false},"excerpt":{"rendered":"
We round up the week\u2019s key cybersecurity news.<\/p>\n","protected":false},"author":1,"featured_media":94799,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"This week\u2019s key cybersecurity news.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-94798","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"195","promo_type":"1","layout_type":"1","short_excerpt":"This week\u2019s key cybersecurity news.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/94798","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=94798"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/94798\/revisions"}],"predecessor-version":[{"id":94800,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/94798\/revisions\/94800"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/94799"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=94798"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=94798"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=94798"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- An AI audit found<\/a> a critical bug in an Ethereum client.<\/li>\n