- \n
- The FBI puts cybercrime losses at $21bn.<\/li>\n
- Chrome adds chip-level protection against info-stealers.<\/li>\n
- Ukraine unmasks \u201chelpers\u201d offering crypto trading.<\/li>\n
- Researchers reveal new ways to hack computers.<\/li>\n<\/ul>\n<\/div>\n
The FBI estimates $21bn in cybercrime losses<\/h2>\n
Victims in the United States lost around $21bn to cybercrime, according to a report<\/a> by the FBI<\/span> for 2025.<\/p>\n
Top categories included investment fraud, business email compromise, tech-support scams and data breaches. The tally rose by 26% compared with 2024.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-872afa98c67e6f29-1450460623275341.webp\")
Source: FBI.<\/figcaption><\/figure>\n Last year, the most common complaints were:<\/p>\n
- \n
- phishing \u2014 191,000 cases;<\/li>\n
- extortion \u2014 89,000;<\/li>\n
- investment schemes \u2014 72,000.<\/li>\n<\/ul>\n
The last category accounted for 49% of recorded incidents, with losses of $8.6bn. However, the largest damage came from cryptocurrency-related crime: losses exceeded $11bn across 181,565 cases.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-3661cbdf34308e35-1450460762601127.webp\")
Source: FBI.<\/figcaption><\/figure>\n Key findings:<\/p>\n
- \n
- cyber fraud featured in 453,000 complaints and caused $17.7bn in losses;<\/li>\n
- Americans aged over 60 suffered the most: $7.7bn in losses (up 37% year-on-year);<\/li>\n
- for the first time, AI-enabled scams (voice cloning, fake profiles, forged documents and deepfake videos) were included: 22,300 complaints and $893m in losses.\u00a0<\/li>\n<\/ul>\n
Chrome gets chip-level protection against info-stealers<\/h2>\n
Google launched<\/a> Device Bound Session Credentials (DBSC<\/span>) in Chrome 146 for Windows. The feature is designed to block malware from stealing and reusing cookies.<\/p>\n
Session cookies act as authentication tokens that let users access accounts without re-entering credentials. Info-stealers such as GlassWorm<\/a> and LummaC2 have learned to extract these data effectively from browser memory or local files.<\/p>\n
DBSC cryptographically binds a user\u2019s session to specific hardware\u2014the computer\u2019s security chip:<\/p>\n
- \n
- on Windows \u2014 Trusted Platform Module;<\/li>\n
- on macOS \u2014 Secure Enclave.<\/li>\n<\/ul>\n
How the protection works:<\/p>\n
- \n
- the chip generates a unique public\u2013private key pair;<\/li>\n
- the private key cannot be exported off the device;<\/li>\n
- to issue new short-lived session cookies, Chrome must prove to the server that it controls the corresponding private key.<\/li>\n<\/ul>\n
If an attacker steals cookies, they become almost immediately useless, as the server will not validate the session without the hardware-held key. macOS users will get the feature in a future Chrome update.<\/p>\n
Ukraine exposes \u201chelpers\u201d in cryptocurrency trading<\/h2>\n
Ukrainian law enforcement uncovered a scheme to steal cryptocurrencies under the guise of trading assistance to \u201cmultiply profits,\u201d the Cyber Police reported<\/a>.\u00a0<\/p>\n
According to investigators, the perpetrators found potential victims in thematic Telegram channels. They sent links to fake websites that mimicked trading platforms but contained malware\u2014crypto-drainers.<\/p>\n
After connecting a wallet to such a site, victims effectively granted the attackers full access to their assets without additional confirmation.<\/p>\n
Scale of losses:<\/p>\n
- \n
- in one case, the suspects seized about 95,000 USDT;<\/li>\n
- in another, they stole more than 1,000 USDT.<\/li>\n<\/ul>\n
The attackers moved funds between wallets, swapped them for other assets and converted them to cash.<\/p>\n
Police carried out 20 simultaneous searches at the residences of group members and at an office location. They seized computer equipment and mobile phones, cash and records confirming the illegal activity.<\/p>\n
Four members, including a co-organiser, were notified of suspicion of large-scale fraud and laundering of criminal proceeds.<\/p>\n
The charges carry up to 12 years in prison with confiscation of assets.<\/p>\n
Researchers disclose new ways to hack computers<\/h2>\n
Three research groups presented new attacks on Nvidia GPUs\u2019 memory. They can grant hackers privileged access by exploiting \u201cbit flips.\u201d<\/p>\n
Memory cells store information as electrical charges that define bits as 1s or 0s. A Rowhammer attack intensively agitates some cells to alter the charge in adjacent ones, causing bit flips.<\/p>\n
New Rowhammer variants targeting GDDR6 video memory:<\/p>\n
- \n
- GDDRHammer<\/a>. Works against the RTX 6000 on the Ampere architecture. Using new hammering patterns, the researchers achieved an average of 129 bit flips per memory bank\u201464 times more than last year\u2019s GPUHammer<\/a>. The attack allows an adversary to gain access to the CPU<\/span>;<\/li>\n
- GeForge<\/a> works similarly but manipulates the page directory. The researchers achieved 1,171 bit flips on an RTX 3060 and 202 on an RTX 6000. According to them, this is the first GPU Rowhammer that enables privilege escalation to root;<\/li>\n
- GPUBreach<\/a>. The attacker coerces a kernel-privileged driver to perform an out-of-bounds<\/span> write. The attack was demonstrated on an RTX A6000\u2014a model widely used to train AI.<\/li>\n<\/ul>\n
The team from Toronto shared details with Nvidia, Google, AWS<\/span> and Microsoft back in November 2025. In response, Google paid the researchers $600 under its bug-bounty programme. Nvidia said it may update its last-year security bulletin related to GPUHammer.<\/p>\n
Hackers exploited an old flaw in the Flowise AI platform\u00a0<\/h2>\n
Hackers have begun actively exploiting a maximum-severity vulnerability in the Flowise AI platform, said<\/a> VulnCheck cybersecurity expert Caitlin Condon.<\/p>\n
The tool is designed to build applications based on a LLM<\/span> using AI agents<\/a>, including by users without technical skills.\u00a0<\/p>\n
According to Condon, the flaw allows JavaScript code to run without any security checks. The issue was publicly disclosed in September last year with a warning that successful exploitation leads to command execution and access to the file system.<\/p>\n
According to the expert, the problem lies in the Flowise CustomMCP node, which allows configuration of a connection to an external server. At the time it was observed, activity was limited and originated from a single Starlink IP address.<\/p>\n
Between 12,000 and 15,000 custom Flowise instances are accessible online. It is not yet clear what share remain vulnerable.<\/p>\n
Condon recommended updating the software to version 3.1.1 (or at least 3.0.6), and considering disconnecting instances from the internet if external access is not required.<\/p>\n
In the US, scammers sent \u201cfine notices\u201d with phishing QR codes<\/h2>\n
Fraudsters sent fake SMS about unpaid traffic fines, posing as state courts, BleepingComputer<\/a> reports.<\/p>\n
The QR code led to a phishing site to take a $6.99 payment and subsequently steal personal and financial data.\u00a0<\/p>\n
The new campaign began a few weeks ago, according to the outlet. One user shared with the publication the text of a message targeting New York residents. Similar SMS reached victims in other states.<\/p>\n
Unlike previous campaigns with ordinary links, this version used an image of an alleged court notice.<\/p>\n
The message received by the newsroom claimed it was sent by the “Criminal Court of the City of New York.” The recipient was threatened: either immediate payment of a fine for parking or toll violations, or a court appearance.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-ad01c0ccbbcbbf17-1450461177299838.webp\")
Source: BleepingComputer.<\/figcaption><\/figure>\n How the phishing worked:<\/p>\n
- \n
- Scanning the code led to an intermediary site to solve a CAPTCHA, used to evade automated security systems.<\/li>\n
- After that, the user landed on a site mimicking the Department of Motor Vehicles or another agency. In all examples, the \u201cdebt\u201d amount was the same.<\/li>\n
- Clicking the payment button opened a form to enter personal details and bank-card information.<\/li>\n<\/ol>\n
According to the outlet, the data were then stolen and could be used for fraud and identity theft.<\/p>\n
Also on ForkLog:<\/p>\n
- \n
- Unknown actors attacked<\/a> a Hyperliquid vault via a FARTCOIN pump.<\/li>\n
- The password \u201c123456\u201d exposed<\/a> a network of North Korean IT workers in the crypto industry.<\/li>\n
- Bitcoin ATM operator Bitcoin Depot reported<\/a> a $3.7m breach.<\/li>\n
- OpenAI will strengthen measures<\/a> to protect children.<\/li>\n
- DEX Stabble urged users to withdraw assets<\/a> over a North Korean hacker threat.<\/li>\n
- Anthropic shut down public access<\/a> to the Mythos AI model after it \u201cescaped the lab.\u201d<\/li>\n
- Bitcoin Core will host<\/a> a public demonstration of Bitcoin consensus vulnerabilities.<\/li>\n
- Solana projects will get<\/a> a unified incident-response system for hacks.<\/li>\n
- North Korean operatives secretly wrote code<\/a> for leading DeFi projects for seven years.<\/li>\n
- Drift Protocol revealed<\/a> details of a $280m hack.<\/li>\n<\/ul>\n
What to read this weekend?<\/h2>\n
In a new piece, ForkLog and industry experts examine how DAOs are developing and what holds decentralised organisations back.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"
A round-up of the week\u2019s most significant cybersecurity news.<\/p>\n","protected":false},"author":1,"featured_media":96100,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"This week\u2019s key cybersecurity developments, from GPU hacks to SMS phishing.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-96099","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"20","promo_type":"1","layout_type":"1","short_excerpt":"This week\u2019s key cybersecurity developments, from GPU hacks to SMS phishing.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/96099","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=96099"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/96099\/revisions"}],"predecessor-version":[{"id":96101,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/96099\/revisions\/96101"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/96100"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=96099"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=96099"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=96099"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- The password \u201c123456\u201d exposed<\/a> a network of North Korean IT workers in the crypto industry.<\/li>\n
- Unknown actors attacked<\/a> a Hyperliquid vault via a FARTCOIN pump.<\/li>\n
- GeForge<\/a> works similarly but manipulates the page directory. The researchers achieved 1,171 bit flips on an RTX 3060 and 202 on an RTX 6000. According to them, this is the first GPU Rowhammer that enables privilege escalation to root;<\/li>\n
- GDDRHammer<\/a>. Works against the RTX 6000 on the Ampere architecture. Using new hammering patterns, the researchers achieved an average of 129 bit flips per memory bank\u201464 times more than last year\u2019s GPUHammer<\/a>. The attack allows an adversary to gain access to the CPU<\/span>;<\/li>\n