Spanish police dismantle €140 million cybercrime network

Help Net Security

Overview

Spanish authorities have dismantled a significant cybercrime network responsible for stealing and laundering around €140 million. The group operated through various fraudulent schemes, including fake investment platforms, CEO fraud, invoice fraud, and man-in-the-middle attacks. Four individuals were arrested during the operation, with two detained in Portugal, one in Spain, and another in Panama. The investigation began when police identified 19 companies engaged in suspicious financial activities that suggested money laundering rather than legitimate business practices. This crackdown highlights ongoing issues with cybercrime and the need for vigilance among businesses and individuals alike.

Key Takeaways

  • Affected Systems: Fake investment platforms, CEO fraud schemes, invoice fraud operations, man-in-the-middle attacks
  • Action Required: Companies should enhance their fraud detection measures and conduct thorough due diligence on financial activities.
  • Timeline: Ongoing since recent months

Original Article Summary

Spanish National Police have dismantled a cybercrime network accused of stealing and laundering about €140 million through fake investment platforms, CEO fraud, invoice fraud, and man-in-the-middle attacks. Four people were arrested as part of the operation: two in Portugal, one in Spain, and one in Panama. The investigation began after officers identified 19 companies whose financial activity appeared consistent with money laundering rather than legitimate business activity. Officers reviewed bank records, examined company registrations and … More → The post Spanish police dismantle €140 million cybercrime network appeared first on Help Net Security.

Impact

Fake investment platforms, CEO fraud schemes, invoice fraud operations, man-in-the-middle attacks

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Ongoing since recent months

Remediation

Companies should enhance their fraud detection measures and conduct thorough due diligence on financial activities.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Coverage

SonicWall customers under threat as attackers exploit 2 zero-days

CyberScoop

SonicWall customers are currently facing significant risks as attackers exploit two critical zero-day vulnerabilities. Researchers revealed that these flaws were actively targeted by hackers three weeks prior to SonicWall's disclosure and patching efforts. This means that many users may still be vulnerable to attacks if they haven't updated their systems. The exploitation of these vulnerabilities could lead to unauthorized access to sensitive information and compromise network security. It's crucial for organizations using SonicWall products to take immediate action to secure their systems against these threats.

Jul 15, 2026

TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

The Hacker News

Cybersecurity researchers have identified a new Internet-of-Things (IoT) botnet framework called TuxBot v3 Evolution. This botnet appears to have been developed with some assistance from a large language model (LLM), although the results have not been entirely successful. Notably, when the developers prompted the AI to generate botnet code, it included a safety disclaimer that the developers did not remove. This incident raises concerns about the potential misuse of AI in creating malicious software. As IoT devices become more prevalent, any vulnerabilities or botnets that target them could impact a wide range of users and systems, making it crucial for manufacturers and users to enhance their security measures.

Jul 15, 2026

Is 'Tech-xit' Imminent? UK Steps Up Sovereignty Push Amid AI Strife

darkreading

The recent restrictions imposed by the US government on AI companies like Anthropic and OpenAI have sparked significant discussions in the UK and elsewhere about reducing dependence on American technology firms. This push for greater technological sovereignty comes as countries assess the implications of relying on foreign companies for critical AI capabilities. The situation raises concerns about data security and national interests, as countries may seek to develop their own AI models to safeguard against potential vulnerabilities and geopolitical risks. The call for sovereignty is not just about technology but also about ensuring that nations can protect their data and maintain control over their digital futures. As this dialogue progresses, it could lead to shifts in how AI technologies are developed and deployed globally.

Jul 15, 2026

​ ​AsyncAPI npm packages infected with credential-stealing malware

BleepingComputer

Recently, researchers discovered that five malicious versions of AsyncAPI packages were uploaded to the Node Package Manager (npm). These packages contained a remote access trojan designed to steal user credentials and other sensitive information. This supply-chain attack poses a significant risk, as developers who unknowingly downloaded these infected packages could have their systems compromised. The incident highlights the vulnerabilities within the npm ecosystem and the importance of scrutinizing third-party packages before use. Developers and organizations should be vigilant about the packages they incorporate into their projects to avoid similar attacks in the future.

Jul 15, 2026

Unpatched Cursor Vulnerability Exposes Users to Code Execution

SecurityWeek

A recently discovered vulnerability in Cursor allows attackers to execute arbitrary code on users' systems without their consent. By creating a malicious repository containing a 'git.exe' file in the project root, attackers can exploit this flaw, which Cursor executes automatically when the repository is accessed. This puts users at significant risk, especially those who frequently interact with repositories from untrusted sources or do not have adequate security measures in place. As there is currently no patch available to fix this issue, users should be cautious when using Cursor and consider limiting their exposure to potentially harmful repositories. This vulnerability serves as a reminder of the importance of maintaining security hygiene in software development environments.

Jul 15, 2026

CISA Urges Immediate Patching of Exploited SharePoint Vulnerabilities

SecurityWeek

The Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to quickly address three vulnerabilities in SharePoint that are currently being exploited by attackers. Among these, two have been identified as zero-days, meaning they are actively targeted before a patch was made available. This situation poses significant risks to users of SharePoint, as attackers could gain unauthorized access to sensitive data or disrupt operations. Organizations that use SharePoint are advised to prioritize patching these vulnerabilities to protect their systems and data from potential breaches. Immediate action is crucial to mitigate the risks associated with these exploits.

Jul 15, 2026