VulnHub

Real-time Cybersecurity News

Fugitive behind $73M 'pig butchering' scheme gets 20 years in prison

BleepingComputer

Overview

A man with dual citizenship in China and St. Kitts and Nevis has been sentenced to 20 years in prison for his involvement in a fraudulent cryptocurrency scheme that swindled victims out of over $73 million. Known as 'pig butchering,' this scheme involved luring individuals into fake investment opportunities, often using romantic tactics to build trust. The sentencing occurred in absentia, meaning the perpetrator was not present in court, which highlights the challenges of prosecuting criminals operating across international borders. This incident serves as a stark reminder of the risks associated with cryptocurrency investments and the need for vigilance among potential investors. With such high financial losses, victims are left grappling with the aftermath of these deceptive practices.

Key Takeaways

  • Affected Systems: Cryptocurrency investment schemes, victims globally
  • Action Required: Potential investors should conduct thorough research before engaging in cryptocurrency investments and be cautious of unsolicited offers, especially those that involve emotional manipulation.
  • Timeline: Disclosed on October 2023

Original Article Summary

A dual Chinese and St. Kitts and Nevis national was sentenced to 20 years in prison in absentia for his role in an international cryptocurrency investment scheme (also known as pig butchering or romance baiting) that defrauded victims of more than $73 million. [...]

Impact

Cryptocurrency investment schemes, victims globally

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Disclosed on October 2023

Remediation

Potential investors should conduct thorough research before engaging in cryptocurrency investments and be cautious of unsolicited offers, especially those that involve emotional manipulation.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach

SecurityWeek

California's Attorney General Rob Bonta has filed a lawsuit against 23andMe, the genetic testing company, alleging that it failed to adequately protect user data following a breach earlier this year. The lawsuit comes after the company, now operating under the name Chrome Holding Co. due to bankruptcy proceedings, reportedly exposed sensitive information of its users. This breach raises significant concerns about data privacy and the responsibilities of companies handling personal information. If the allegations are proven, it could lead to stricter regulations and greater scrutiny of how personal data is managed in the biotech industry. Users who trusted 23andMe with their genetic information are particularly affected, as their sensitive data may have been compromised.

May 29, 2026

Man sent to prison for selling data of 7 millions elderly Americans

BleepingComputer

A man from North Carolina has been sentenced to over 10 years in prison for selling the personal data of more than 7 million elderly Americans to scammers based in Jamaica. The man, whose actions have raised concerns about privacy and security, provided sensitive information like names, addresses, and Social Security numbers. This breach not only puts the affected individuals at risk of identity theft but also highlights the ongoing issue of data exploitation in the digital age. Law enforcement officials emphasize the need for stronger protections for vulnerable populations, particularly the elderly, who are often prime targets for scams. The case serves as a reminder of the importance of safeguarding personal information and the severe consequences for those who exploit it.

May 29, 2026

Websites can spy on user activity by analyzing SSD behavior

Help Net Security

Researchers have discovered a new technique called FROST, which allows websites to track user activity by analyzing the behavior of a user's Solid-State Drive (SSD). This method can infer information about the files and applications stored on the SSD, which is unexpected for most users. The implications of this technique raise significant privacy concerns, as it adds another layer to the existing methods websites use to monitor user behavior, like browser fingerprinting and tracking scripts. Users may not be aware that their storage devices can be exploited in this way, highlighting the need for more robust privacy protections. As this method gains attention, it emphasizes the ongoing challenges of online privacy and security.

May 29, 2026

Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies

Infosecurity Magazine

According to ESET's 2026 APT Activity Report, Chinese-backed advanced persistent threats (APTs) are capitalizing on the instability caused by ongoing conflicts in Iran to target maritime and energy companies. This surge in cyber-attacks indicates that attackers are exploiting geopolitical tensions to carry out their operations. The report highlights that these APTs are not only focusing on regional targets but are also continuing their activities against organizations globally. This situation raises concerns for companies in the maritime and energy sectors, as they may face increased risks of data breaches and operational disruptions due to these cyber threats. Understanding these tactics is crucial for organizations to bolster their cybersecurity defenses and protect sensitive information.

May 29, 2026

AI-Generated npm Malware Leaks Its Own GitHub Token

Infosecurity Magazine

A recent incident involving an AI-generated npm infostealer has drawn attention after it accidentally exposed its own GitHub token, revealing the identity of its operator. This infostealer, designed to collect sensitive information, had a flaw that led to the leak of the token on a public platform. As a result, researchers were able to trace back to the developer behind the malware, raising concerns about the capabilities of AI tools in creating malicious software. This incident highlights the potential risks associated with the misuse of AI in software development, particularly in the realm of cybersecurity. Developers and users of npm packages should be vigilant about the security of their applications and the code they incorporate from third parties.

May 29, 2026

Humanix expands detection to identify live violations of security procedures

Help Net Security

Humanix has introduced a new capability aimed at detecting real-time violations of security procedures in IT support workflows. This is particularly important as help desk and service desk agents often face pressure from attackers to bypass identity verification steps, which can lead to unauthorized access and data breaches. By identifying these violations as they occur, Humanix aims to enhance the security of sensitive requests, such as credential resets. This development is crucial for organizations that rely on help desk support to protect sensitive information and maintain secure operations. The new feature could help prevent incidents where attackers exploit human vulnerabilities in security protocols.

May 29, 2026