VulnHub

Real-time Cybersecurity News

FBI: Cybercrime Losses Neared $21 Billion in 2025

SecurityWeek

Overview

In 2025, the FBI reported receiving over 1 million complaints related to cybercrime, resulting in losses close to $21 billion. The most significant financial damages came from investment scams, business email compromise (BEC) schemes, and tech support fraud. These scams have been particularly damaging, affecting individuals and businesses alike, and highlighting the urgent need for better cybersecurity awareness and protections. The sheer volume of complaints indicates a growing trend in cybercrime, emphasizing that both consumers and companies must remain vigilant against these types of attacks. The financial impact of these scams not only affects victims directly but also has broader implications for the economy as a whole.

Key Takeaways

  • Affected Systems: Investment scams, Business Email Compromise (BEC), Tech support scams
  • Action Required: Users should educate themselves about common scams, implement strong security practices, and report suspicious activities to authorities.
  • Timeline: Disclosed in 2025

Original Article Summary

The FBI received over 1 million complaints of malicious activity in 2025, with investment, BEC, and tech support scams causing the highest losses. The post FBI: Cybercrime Losses Neared $21 Billion in 2025 appeared first on SecurityWeek.

Impact

Investment scams, Business Email Compromise (BEC), Tech support scams

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Disclosed in 2025

Remediation

Users should educate themselves about common scams, implement strong security practices, and report suspicious activities to authorities.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties

darkreading

HackerOne has decided to pause its bug bounty programs due to challenges in the remediation process for open-source vulnerabilities. Traditionally, finding bugs was the main hurdle, but with the rise of automated discovery tools, fixing these bugs has become the bigger issue. Bug bounties, which reward researchers for identifying security flaws, do not currently cover the costs associated with remediation. This decision could impact the security of various open-source projects, as it may discourage researchers from reporting vulnerabilities if there is no support for fixing them. The situation raises concerns about how effectively vulnerabilities can be addressed in an increasingly automated environment.

Apr 8, 2026

New macOS stealer campaign uses Script Editor in ClickFix attack

BleepingComputer

A new campaign is targeting macOS users with the Atomic Stealer malware, using the Script Editor to execute commands in a method similar to a previous ClickFix attack. This tactic tricks users into running malicious scripts, which can lead to sensitive data being stolen. The attack primarily affects macOS computers, putting users’ personal information at risk. Security researchers are urging users to be cautious about running scripts from untrusted sources, as this method can bypass some security measures. Awareness and vigilance are key, as these types of attacks can lead to significant data breaches if not addressed promptly.

Apr 8, 2026

CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday

BleepingComputer

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive for U.S. government agencies to patch a serious vulnerability in Ivanti Endpoint Manager Mobile (EPMM). This flaw has been exploited in attacks since January, making it a significant risk for federal systems. Agencies have only until Sunday to address this issue, underscoring the urgency to protect sensitive data from potential breaches. The vulnerability affects the Ivanti EPMM software, which is widely used for managing mobile devices. Failure to patch could leave these systems open to further exploitation by attackers, which could have serious implications for national security.

Apr 8, 2026

Hack-for-hire spyware campaign targets journalists in Middle East, North Africa

CyberScoop

A research collaboration between Access Now, Lookout, and SMEX has uncovered a troubling spyware campaign targeting journalists in the Middle East and North Africa. The campaign is believed to be linked to a group called Bitter, which is suspected of having connections to the Indian government. The spyware, identified as ProSpy, poses a significant risk to the privacy and safety of journalists in the region, as it can be used to monitor their communications and activities. This incident raises serious concerns about the increasing use of hack-for-hire services to silence critical voices and undermine press freedom. The implications of this spyware campaign extend beyond individual journalists, potentially affecting the broader landscape of media and freedom of expression in these areas.

Apr 8, 2026

ComfyUI instances hijacked for cryptomining and proxy botnet

SCM feed for Latest

Threat actors are actively targeting vulnerable ComfyUI deployments using a custom Python scanner to hijack instances for cryptomining and to create a proxy botnet. This malicious activity involves scanning cloud IP ranges to find systems that haven't been secured. Once compromised, these systems can be exploited for unauthorized cryptomining, which can lead to significant financial losses for the affected users and businesses. The ease of access for attackers highlights a concerning gap in cloud security practices. Organizations using ComfyUI should ensure their deployments are properly configured and secured to prevent these types of attacks.

Apr 8, 2026

Fraud Rockets Higher in Mobile-First Latin America

darkreading

Cyber fraud is escalating in Latin America, particularly among mobile users. Attackers are quickly taking control of compromised devices, leading to account takeovers and unauthorized fund transfers. This rapid sequence of events often occurs faster than many financial institutions can respond, leaving victims vulnerable to significant financial losses. The trend is concerning as it highlights the growing sophistication of cyber fraud in a region that is increasingly reliant on mobile technology for banking and transactions. Users and financial institutions must remain vigilant and adopt stronger security measures to protect against these threats.

Apr 8, 2026