Five individuals, alleged members of the hacking group Scattered Spider, face criminal charges in the US. Prosecutors accuse the group of orchestrating phishing schemes to steal sensitive data and cryptocurrency. Victims include at least 12 companies from industries such as gaming and telecommunications, alongside individual cryptocurrency holders.
The suspects, aged in their teens or 20s during the offences, allegedly deceived employees into sharing login details through fraudulent messages. These actions enabled them to access corporate systems and drain millions from personal accounts. The group’s notoriety grew following high-profile hacks of casino operators in 2023, though connections to those incidents remain unclear.
Officials claim Scattered Spider operates as a loose collective of cybercriminals, often collaborating temporarily for specific crimes. Industry experts have long called for stronger enforcement against such groups. Recent arrests signal intensified efforts, with cybersecurity professionals warning young hackers of severe consequences if caught.
The defendants, including individuals from Scotland, Texas, and North Carolina, face charges of conspiracy, identity theft, and wire fraud. Arrests have taken place in the US and Spain, with extradition proceedings underway. Investigations continue as authorities pursue other suspected members of the group.
Australia’s government introduced a bill to parliament aiming to ban social media use for children under 16, with potential fines of up to A$49.5 million ($32 million) for platforms that fail to comply. The law would enforce age verification, possibly using biometrics or government IDs, setting the highest global age limit for social media use without exemptions for parental consent or existing accounts.
Prime Minister Anthony Albanese described the reforms as a response to the physical and mental health risks social media poses, particularly for young users. Harmful content, such as body image issues targeting girls and misogynistic content aimed at boys, has fueled the government’s push for strict measures. Messaging services, gaming, and educational platforms like Google Classroom and Headspace would remain accessible under the proposal.
While opposition parties support the bill, independents and the Greens are calling for more details. Communications Minister Michelle Rowland emphasised that the law places responsibility on platforms, not parents or children, to implement robust age-verification systems. Privacy safeguards, including mandatory destruction of collected data, are also part of the proposed legislation. Australia’s policy would be among the world’s strictest, surpassing similar efforts in France and the US.
Lyft is introducing new safety features, including rider verification badges, to enhance security on its platform. This update provides drivers with more passenger information, such as names, ratings, and verification badges, before accepting rides. The company will also implement safety alerts in certain areas, such as school zones and traffic enforcement locations, to further safeguard both riders and drivers.
The changes come alongside an easier dashcam registration process, with passengers now notified when recordings may occur during their ride. Another innovation allows drivers to report traffic conditions and hazards, contributing to real-time map updates. In addition, a new restroom finder tool will let drivers locate and rate facilities, improving convenience during long shifts.
Lyft’s competitor, Uber, launched similar safety updates earlier, including driver options to record trips via smartphone. Lyft’s initiatives signal its commitment to staying competitive while prioritising the safety and experience of its users.
The EU Council, along with its member states, has for the first time adopted a declaration establishing a unified understanding of how international law applies to cyberspace. This declaration underscores that cyberspace is not a lawless realm and reaffirms that international law, including the UN Charter, international human rights law, and international humanitarian law, is fully applicable to activities conducted in cyberspace.
The declaration highlights the escalating threat of malicious cyber activities, such as ransomware, which have grown in scale, sophistication, and impact, posing significant risks to European societies and economies. Recognising these challenges, the EU emphasizes that adherence to the UN framework of responsible state behavior in cyberspace is essential for preserving international peace, security, and stability.
In the declaration, the EU and its member states have commented on the principle of non-intervention, state sovereignty, due diligence, attribution, and countermeasures. In particular, the document highlights that “States exercise territorial jurisdiction over Information and Communications Technology (ICT) infrastructure located in their territory, and persons engaged in cyber activities, within their territory”.
The official press release notes that the declaration’s foundation was laid in April 2024, when the European External Action Service (EEAS) presented a non-paper on the topic. After careful deliberation and collaboration between the Horizontal Working Party on Cyber Issues (HWPCI) and the Working Party on Public International Law (COJUR), the text was finalized and approved by the Permanent Representatives Committee (COREPER) on 13 November 2024.
Australia has raised concerns about the growing number of cyberattacks on critical infrastructure, with over 11% of reported incidents last year targeting essential services like electricity, water, transport, and education. The Australian Signals Directorate’s latest report highlights state-sponsored actors and cybercriminals as key threats, employing advanced techniques such as phishing, brute-force attacks, and exploiting public-facing systems.
Defence Minister Richard Marles warned of an increasing focus on critical infrastructure by both criminal groups and foreign governments. Australia has attributed cyber incidents to countries including China, Russia, and Iran, with China allegedly shifting from espionage to disruptive cyber operations. Beijing has denied these accusations, dismissing them as baseless.
The report underscores the evolving cyber landscape and the urgent need for bolstered defences to safeguard Australia’s essential systems.
Germany’s Federal Court of Justice (BGH) has ruled that Facebook users affected by data breaches in 2018 and 2019 are entitled to compensation, even without proving financial losses. The court determined that the loss of control over personal data is sufficient grounds for damages, marking a significant step in data protection law.
The case stems from a 2021 breach involving Facebook’s friend search feature, where third parties accessed user accounts by exploiting phone number guesses. Lower courts in Cologne previously dismissed compensation claims, but the BGH ordered a re-examination, suggesting around €100 in damages could be awarded per user without proof of financial harm.
Meta, Facebook’s parent company, has resisted compensation, arguing that users did not suffer concrete damages. A spokesperson for Meta described the ruling as inconsistent with recent European Court of Justice decisions and noted that similar claims have been dismissed by German courts in thousands of cases. The breach reportedly impacted around six million users in Germany.
The court also instructed a review of Facebook’s terms of use, questioning whether they were transparent and whether user consent for data handling was voluntary. The decision adds pressure on companies to strengthen data protection measures and could set a precedent for future claims across Europe.
The US Senate Judiciary subcommittee will convene a hearing on Tuesday to investigate recent Chinese cyberattacks targeting American telecommunications companies. The hearing, led by Senator Richard Blumenthal, will delve into the national security threats posed by these breaches and their impact on the US economy.
Authorities allege that China-linked hackers accessed surveillance data from telecom networks, intercepting sensitive communications tied to government and political figures. This breach has heightened concerns over the security of critical infrastructure, especially as bipartisan lawmakers scrutinise the role of major providers like AT&T and Verizon.
The session will also include discussions on Elon Musk’s business ties with China amid his growing involvement in US government affairs. Witnesses, including cybersecurity and industry experts, are expected to shed light on the scale and potential consequences of these incidents. Beijing, however, has denied any involvement in cyber espionage activities.
Swiss and Nepalese regulators have raised red flags about the growing risks of cryptocurrency misuse. In its latest Risk Monitor report, Switzerland’s financial watchdog FINMA identified digital assets, especially stablecoins, as a high-risk area for money laundering. The agency highlighted their role in sanctions evasion, dark web transactions, and cyberattacks. FINMA has tightened oversight of financial institutions offering crypto-related services to safeguard the sector’s reputation.
Meanwhile, Nepal’s Financial Intelligence Unit (FIU) reported a surge in crypto misuse for cross-border money laundering and fraudulent investment schemes. Despite a national ban on crypto trading, fraudsters continue exploiting digital assets to obscure illicit funds. Victims often avoid reporting crimes, fearing legal repercussions or social stigma, hindering enforcement efforts.
Authorities in both countries are calling for robust measures to combat these threats, emphasising the need for heightened vigilance and better reporting mechanisms.
Roblox has announced new measures to protect users under 13, permanently removing their ability to send messages outside of games. In-game messaging will remain available, but only with parental consent. Parents can now remotely manage accounts, oversee friend lists, set spending controls, and enforce screen time limits.
The gaming platform, which boasts 89 million users, has faced scrutiny over claims of child abuse on its service. In August, Turkish authorities blocked Roblox, citing concerns over user-generated content. A lawsuit filed in 2022 accused the company of facilitating exploitation, including sexual and financial abuse of a young girl in California.
New rules also limit communication for younger players, allowing under-13 users to receive public broadcast messages only within specific games. Roblox will implement updated content descriptors such as ‘Minimal’ and ‘Restricted’ to classify games, restricting access for users under nine to appropriate experiences.
Access to restricted content will now require users to be at least 17 years old and verify their age. These changes aim to enhance child safety amid growing concerns and highlight Roblox’s efforts to address ongoing challenges in its community.
Russian security experts have uncovered a new deepfake scam exploiting the image of Donald Trump, targeting English-speaking audiences. FACCT, a Moscow-based cybercrime prevention firm, reported that scammers are using a bot to create deepfake videos of prominent figures like Trump, Elon Musk, and Tucker Carlson. These videos are being shared on platforms such as TikTok and YouTube to promote fraudulent crypto exchanges.
The bot allows users to generate customised videos with text up to 400 characters long, which fraudsters use to advertise fake trading platforms. FACCT identified three primary scams: fake exchanges where victims’ tokens are stolen, malware links that compromise crypto wallets, and bogus tokens that can’t be sold.
This warning follows a rise in crypto-related scams in Russia, including digital ruble frauds. Authorities are urging vigilance as the Russian Central Bank prepares to launch its central bank digital currency nationwide next year.