Received yesterday — 31 August 2025

'Swatting' Hits a Dozen US Universities. The FBI is Investigating

31 August 2025 at 07:34
The Washington Post covers "a string of false reports of active shooters at a dozen U.S. universities this month as students returned to campus." The FBI is investigating the incidents, according to a spokesperson who declined to specify the nature of the probe. While universities have proved a popular swatting target, the agency "is seeing an increase in swatting events across the country," the FBI spokesperson said... Local officials are frustrated by the anonymous calls tying up first responders, straining public safety budgets and needlessly traumatizing college students who grew up in an era in which gun violence has in some way shaped their school experience... The recent string of swattings began Thursday with a false report to the University of Tennessee at Chattanooga, quickly followed by one about Villanova University later that day. Hoaxes at 10 more schools followed... Villanova also received a second threat. As the calls about shootings came in, officials on many of the campuses pushed out emergency notifications directing students and employees to shelter in place, while police investigated what turned out to be false reports. (Iowa State was able to verify the lack of a threat before a campuswide alert was sent, its police chief said. [They had a live video feed from the location the caller claimed to be from.]) In at least three cases, 911 calls reporting a shooting purported to come from campus libraries, where the sound of gunshots could be heard over the phone, officials told The Washington Post... Although false bomb reports, shooter threats and swatting incidents are not new, bad actors used to be more easily traceable through landline phones. But the era of internet-based services, virtual private networks, and anonymous text and chat tools has made unmasking hoax callers far more challenging... 
In 2023, a Post investigation found that more than 500 schools across the United States were subject to a coordinated swatting effort that may have had origins abroad... [In Chattanooga, Tennessee last week] a dispatcher heard gunfire during a call reporting an on-campus shooting. "We grabbed everybody that wasn't already out on the street and got to that location," said University of Tennessee at Chattanooga Police spokesman Brett Fuchs. About 150 officers from several agencies responded. There was no shooter. The New York Times reports that an online group called "Purgatory" is "suspected of being connected to several of the episodes, including reports of shootings, according to cybersecurity experts, law enforcement agencies and the group members' own posts in a social media chat." (Though the Times couldn't verify the group's claims.) Federal authorities previously connected the same network to a series of bomb scares and bogus shooting reports in early 2024, for which three men pleaded guilty this year... Bragging about its recent activities, Purgatory said that it could arrange more swatting episodes for a fee. USA Today tries to quantify the reach of swatting: Estimated swatting incidents jumped from 400 in 2011 to more than 1,000 in 2019, according to the Anti-Defamation League, which cited a former FBI agent whose expertise is in swatting. From January 2023 to June 2024 alone, more than 800 instances of swatting were recorded at U.S. elementary, middle and high schools, according to the K-12 School Shootings Database, created by a University of Central Florida doctoral student in response to the Parkland High School shooting in 2018... David Riedman, a data scientist and creator of the K-12 School Shooting Database, estimates that in 2023, it cost $82,300,000 for police to respond to false threats. Thanks to long-time Slashdot reader schwit1 for sharing the news.

Read more of this story at Slashdot.

Received before the day before yesterday

Dev Gets 4 Years For Creating Kill Switch On Ex-Employer's Systems

By: BeauHD
22 August 2025 at 10:00
Davis Lu, a former Eaton Corporation developer, has been sentenced to four years in prison for sabotaging his ex-employer's Windows network with malware and a custom kill switch that locked out thousands of employees once his account was disabled. The attack caused significant operational disruption and financial losses, with Lu also attempting to cover his tracks by deleting data and researching privilege escalation techniques. BleepingComputer reports: After a corporate restructuring and subsequent demotion in 2018, the DOJ says that Lu retaliated by embedding malicious code throughout the company's Windows production environment. The malicious code included an infinite Java thread loop designed to overwhelm servers and crash production systems. Lu also created a kill switch named "IsDLEnabledinAD" ("Is Davis Lu enabled in Active Directory") that would automatically lock all users out of their accounts if his account was disabled in Active Directory. When his employment was terminated on September 9, 2019, and his account disabled, the kill switch activated, causing thousands of users to be locked out of their systems. "The defendant breached his employer's trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company," said Acting Assistant Attorney General Matthew R. Galeotti. When he was instructed to return his laptop, Lu reportedly deleted encrypted data from his device. Investigators later discovered search queries on the device researching how to elevate privileges, hide processes, and quickly delete files. Lu was found guilty earlier this year of intentionally causing damage to protected computers. After his four-year sentence, Lu will also serve three years of supervised release following his prison term.

It's Steve Wozniak's 75th Birthday. Whatever Happened to His YouTube Lawsuit?

11 August 2025 at 11:34
In 2020 a YouTube video used video footage of Steve Wozniak in a scam to steal bitcoin. "Some people said they lost their life savings," Wozniak tells CBS News, explaining why he sued YouTube in 2020 — and where his case stands now: Wozniak's lawsuit against YouTube has been tied up in court now for five years, stalled by federal legislation known as Section 230. Attorney Brian Danitz said, "Section 230 is a very broad statute that limits, if not totally, the ability to bring any kind of case against these social media platforms." "It says that anything gets posted, they have no liability at all," said Wozniak. "It's totally absolute." Google responded to our inquiry about Wozniak's lawsuit with a statement from José Castañeda, of Google Policy Communications: "We take abuse of our platform seriously and take action quickly when we detect violations ... we have tools for users to report channels that are impersonating their likeness or business." [Steve's wife] Janet Wozniak, however, says YouTube did nothing, even though she reported the scam video multiple times: "You know, 'Please take this down. This is an obvious mistake. This is fraud. You're YouTube, you're helping dupe people out of their money,'" she said. "They wouldn't," said Steve... Today is Steve Wozniak's 75th birthday. (You can watch the interview here.) And the article includes this interesting detail about Woz's life today: Wozniak sold most of his Apple stock in the mid-1980s when he left the company. Today, though, he still gets a small paycheck from Apple for making speeches and representing the company. He says he's proud to see Apple become a trillion-dollar company. "Apple is still the best," he said. "And when Apple does things I don't like, and some of the closeness I wish it were more open, I'll speak out about it. Nobody buys my voice!" I asked, "Apple listen to you when you speak out?" "No," Wozniak smiled. "Oh, no. Oh, no."

$1M Stolen in 'Industrial-Scale Crypto Theft' Using AI-Generated Code

11 August 2025 at 00:40
"What happens when cybercriminals stop thinking small and start thinking like a Fortune 500 company?" asks a blog post from Koi Security. "You get GreedyBear, the attack group that just redefined industrial-scale crypto theft." "150 weaponized Firefox extensions [impersonating popular cryptocurrency wallets like MetaMask and TronLink]. Nearly 500 malicious executables. Dozens of phishing websites. One coordinated attack infrastructure. According to user reports, over $1 million stolen." They upload 5-7 innocuous-looking extensions like link sanitizers, YouTube downloaders, and other common utilities with no actual functionality... They post dozens of fake positive reviews for these generic extensions to build credibility. After establishing trust, they "hollow out" the extensions — changing names, icons, and injecting malicious code while keeping the positive review history. This approach allows GreedyBear to bypass marketplace security by appearing legitimate during the initial review process, then weaponizing established extensions that already have user trust and positive ratings. The weaponized extensions capture wallet credentials directly from user input fields within the extension's own popup interface, and exfiltrate them to a remote server controlled by the group... Alongside malware and extensions, the threat group has also launched a network of scam websites posing as crypto-related products and services. These aren't typical phishing pages mimicking login portals — instead, they appear as slick, fake product landing pages advertising digital wallets, hardware devices, or wallet repair services... While these sites vary in design, their purpose appears to be the same: to deceive users into entering personal information, wallet credentials, or payment details — possibly resulting in credential theft, credit card fraud, or both. Some of these domains are active and fully functional, while others may be staged for future activation or targeted scams...
A striking aspect of the campaign is its infrastructure consolidation: Almost all domains — across extensions, EXE payloads, and phishing sites — resolve to a single IP address: 185.208.156.66 — this server acts as a central hub for command-and-control, credential collection, ransomware coordination, and scam websites, allowing the attackers to streamline operations across multiple channels... Our analysis of the campaign's code shows clear signs of AI-generated artifacts. This makes it faster and easier than ever for attackers to scale operations, diversify payloads, and evade detection. This isn't a passing trend — it's the new normal. The researchers believe the group "is likely testing or preparing parallel operations in other marketplaces."

Japanese Company Staff Implicated In Alleged Theft of Key TSMC Technology

By: BeauHD
9 August 2025 at 10:00
hackingbear shares a report from CNN: Taiwanese authorities have detained three current and former employees of the world's largest chip manufacturer, Taiwan Semiconductor Manufacturing Company (TSMC), for allegedly stealing trade secrets [and taking them to Japanese company Tokyo Electron], prosecutors said Tuesday. Law enforcement officers questioned several suspects and witnesses late last month. They searched their homes and detained three of them over "serious suspicions of violating national security laws," the intellectual property branch of the Taiwan High Prosecutors Office said on Tuesday. After an internal investigation, the major Taiwanese exporter raised suspicions with authorities that its "core technologies" may have been illegally accessed by former and current staffers. Nikkei Asia first reported on Tuesday that TSMC had fired staffers suspected of illegally obtaining business secrets related to the manufacturing technology for the company's 2-nanometer chip, the most advanced processor in the semiconductor industry that is expected to go into mass production this year. Taiwanese local media reported that a former TSMC employee now works at top chip manufacturing equipment supplier Tokyo Electron Ltd., and that the Japanese firm's Taiwan office was raided by investigators. On Thursday, Tokyo Electron confirmed it had dismissed an employee of its Taiwan subsidiary who was involved in the case, and said the company was cooperating with authorities. "As of now, based upon the findings of our internal investigation we have not confirmed any evidence of the respective confidential information shared to any third parties," it said in a statement.

Satellite Imagery and Phone Data Reveal Romance Scam Centers Still Expanding Despite Crackdowns

By: msmash
24 July 2025 at 16:09
Massive mobile device tracking data has exposed the interconnected network of Myanmar's expanding scam centers, revealing how trafficked workers circulate between compounds despite February crackdowns. Analysis of 4.9 million location records from 11,930 mobile devices between January 2024 and May 2025 showed five devices visited all three major compounds -- Yatai New City, Apolo Park, and Yulong Bay Park -- plus the raided KK Park and Huanya Park facilities. Workers are forced into romance scams, deceiving victims into believing they're in romantic relationships before extracting money. A South Asian man held six months at KK Park worked 16 hours daily conducting these online deceptions while enduring beatings and electric shocks for poor performance. Nikkei's investigation combined satellite imagery analysis, social media posts from Chinese platform Douyin, and open-source intelligence techniques to document continued construction at eight of 16 suspected sites. Myanmar authorities deported over 66,000 foreign nationals involved in these online fraud operations between October 2023 and June 2025.

Administrator of Major Dark Web Cybercrime Forum Arrested In Ukraine

By: BeauHD
24 July 2025 at 01:30
alternative_right shares a report from France 24: A suspected administrator of a top Russian-language cybercrime forum, XSS.is, has been arrested in Ukraine with the help of French police and Europol, French prosecutors said on Wednesday. Industry experts describe XSS.is as one of the longest-running dark web forums. "On Tuesday July 22, a person suspected of being the administrator of the Russian-language cybercrime forum XSS.is was arrested as part of a criminal investigation opened by the Paris public prosecutor's office," Paris prosecutor Laure Beccuau said in a statement. "Active since 2013, this forum was one of the main hubs for global cybercrime. The forum also operated an encrypted Jabber messaging server, facilitating anonymous exchanges between cybercriminals." "A judicial investigation was opened on November 9, 2021 on charges of complicity in attacks on an automated data processing system, organised extortion, and criminal conspiracy," Beccuau said. "The intercepted messages revealed numerous illicit activities related to cybercrime and ransomware, and established that they generated at least $7 million in profits."

How Gmail Server Evidence Led to a Jury Verdict of $23.2 Million For Wrongful Death

20 July 2025 at 18:34
Long-time Slashdot reader wattersa is a lawyer in Redwood City, California, and a Slashdot reader since 1998. In 2022 he shared the remarkable story of a three-year missing person investigation that was ultimately solved with a subpoena to Google. A murder victim appeared to have sent an email at a time which would exonerate the chief suspect. But a closer inspection of that email's IP addresses revealed it was actually sent from a hotel where the suspect was staying. ("Although Google does not include the originating IP address in the email headers, it turns out that they retain the IP address for some unknown length of time...") Today wattersa brings this update: The case finally went to trial in July 2025, where I testified about the investigation along with an expert witness on computer networking. The jury took three hours to return a verdict against the victim's husband for wrongful death in the amount of $23.2 million, with a special finding that he caused the death of his wife. The defendant is a successful mechanical engineer at an energy company, but is walking as a free man because he is Canadian and no one can prosecute him in the U.S., since Taiwan and the U.S. don't have extradition with each other. It was an interesting case and I look forward to using it as a model in other missing person cases.

New Russian Law Criminalizes Online Searches For Controversial Content

By: BeauHD
17 July 2025 at 21:40
Russian lawmakers passed sweeping new legislation allowing authorities to fine individuals simply for searching and accessing content labeled "extremist" via VPNs. The Washington Post reports: Russia defines "extremist materials" as content officially added by a court to a government-maintained registry, a running list of about 5,500 entries, or content produced by "extremist organizations" ranging from "the LGBT movement" to al-Qaeda. The new law also covers materials that promote alleged Nazi ideology or incite extremist actions. Until now, Russian law stopped short of punishing individuals for seeking information online; only creating or sharing such content is prohibited. The new amendments follow remarks by high-ranking officials that censorship is justified in wartime. Adoption of the measures would mark a significant tightening of Russia's already restrictive digital laws. The fine for searching for banned content in Russia would be about $65, while the penalty for advertising circumvention tools such as VPN services would be steeper -- $2,500 for individuals and up to $12,800 for companies. Previously, the most significant expansion of Russia's restrictions on internet use and freedom of speech occurred shortly after the February 2022 full-scale invasion of Ukraine, when sweeping laws criminalized the spread of "fake news" and "discrediting" the Russian military. The new amendment was introduced Tuesday and attached to a mundane bill on regulating freight companies, according to documents published by Russia's lower house of parliament, the State Duma.

A Retro Gaming YouTuber Faces Possible Jail Time For Reviewing Gaming Handhelds

By: BeauHD
16 July 2025 at 20:30
An anonymous reader quotes a report from Android Authority: Italian YouTuber Once Were Nerd covers a variety of retro gaming topics, but his reviews of ANBERNIC devices appear to be the straw that broke the camel's back. According to the video [here], customs enforcement officers from the Guardia di Finanza showed up at his home and office on April 15 with a search warrant to investigate promotion of pirated copyrighted materials. They seized a variety of ANBERNIC, Powkiddy, and TrimUI gaming handhelds from his collection. In total, more than 30 consoles were taken. The creator, assuming he didn't do anything wrong, complied with demands, providing full transcripts of his conversations and chats with gaming handheld manufacturers. The officers also took his phone, promising to return it in a few days. It was returned two months later, on June 15. According to the video, officials are not required to disclose what exactly the charges are or who has brought them until the initial investigation is complete under Italian law. At that point, the case is either dismissed or goes to trial. The complaint specifically mentions reproduction of copyrighted material from Nintendo and Sony, but the case may originate from the agency itself. However, in the meantime officials have the option to shut down his channel, even before proving any wrongdoing. This is a scary prospect for any creator who has spent years building a channel, and unlike YouTube copyright strikes, there's likely no remedy. Currently, officials contest that his reviews of ANBERNIC devices like the RG Slide, which often, but not always, ship with microSD cards filled with copyrighted ROMs, are punishable under Article 171 ter of the Italian Copyright Law. This law, which was originally written in 1941, allows for a maximum punishment of 15,000 euros (or 30 million Italian Lira, since the law pre-dates the Euro) and three years of jail time.

US Prosecutors Close Probe Into Polymarket Betting Website

By: BeauHD
15 July 2025 at 20:50
U.S. prosecutors and the Commodity Futures Trading Commission (CFTC) have officially closed their investigations into Polymarket, the decentralized, blockchain-powered prediction market platform where users bet with real cryptocurrency on the outcomes of future events. "The DOJ was investigating Polymarket last year, reportedly for allowing U.S. users to place bets on the site despite Polymarket being required to block U.S. traders," reports CoinDesk. The FBI raided Polymarket CEO Shayne Coplan's Manhattan apartment last November, seizing his phone and electronic devices. A source close to the matter told The New York Post it was politically motivated due to Polymarket's successful prediction of Trump's election win. It's "grand political theater at its worst," the source said. "They could have asked his lawyer for any of these things. Instead, they staged a so-called raid so they can leak it to the media and use it for obvious political reasons."

MoonPay Executives May Have Sent $250,000 To Nigerian Scammer, DoJ Filing Suggests

By: msmash
14 July 2025 at 19:30
A Department of Justice filing aiming to recover fraudulently obtained cryptocurrency may have inadvertently revealed the scam's victims as the CEO and CFO of crypto payment firm MoonPay. From a report: The filing, which aims to seize around $40,350 in USDT frozen by Tether, reveals that two victims sent $250,300 in USDT to a person posing as Steve Witkoff, co-chair of President Trump's inaugural committee. However, records obtained from Binance revealed that the wallet that received the funds was registered to Ehiremen Aigbokhan, a man based in Lagos, Nigeria. The victims are identified in the filing only as "Ivan" and "Mouna." However, as outlet NOTUS noticed, crypto payment firm MoonPay's CEO is Ivan Soto-Wright and its CFO is Mouna Ammari Siala. Furthermore, a wallet involved in the $250,300 transaction is listed by Etherscan as a MoonPay wallet.

Russian Basketball Player Arrested For Alleged Role In Ransomware Attacks

By: BeauHD
12 July 2025 at 01:25
joshuark writes: A Russian basketball player, Daniil Kasatkin, was arrested on June 21 in France at the request of the United States as he allegedly is part of a network of hackers. Daniil Kasatkin, aged 26, is accused by the United States of negotiating the payment of ransoms to this hacker network, which he denies. He has studied in the United States, and is the subject of a U.S. arrest warrant for "conspiracy to commit computer fraud" and "computer fraud conspiracy." His lawyer alleges that Kasatkin is not guilty of these crimes and that they are instead linked to a second-hand computer that he purchased. "He bought a second-hand computer. He did absolutely nothing. He's stunned," his lawyer, Freric Belot, told the media. "He's useless with computers and can't even install an application. He didn't touch anything on the computer: it was either hacked, or the hacker sold it to him to act under the cover of another person." The report notes that Kasatkin briefly played NCAA basketball at Penn State before returning to Russia in 2019. He also appeared in 172 games with MBA-MAI before he left the team.

Russian Basketball Player Arrested in France Over Alleged Ransomware Ties

By: msmash
11 July 2025 at 16:40
A Russian professional basketball player has been arrested in France at the request of the United States, which reportedly accused him of being involved in a ransomware group that allegedly targeted hundreds of American companies and federal institutions. From a report: Daniil Kasatkin, 26, was detained in June at Paris's Charles de Gaulle Airport shortly after arriving in the country with his fiancee, according to local media reports. He is currently being held in extradition custody, with a U.S. warrant reportedly issued against him. Kasatkin previously studied and played basketball in the U.S., at Penn State University. The unnamed ransomware network Kasatkin is suspected of being part of is believed to have targeted nearly 900 entities between 2020 and 2022. Local media, citing court proceedings in Paris, reported that Kasatkin allegedly helped negotiate ransom payments, though the extent of the damage caused by the attacks has not been disclosed.

US Probes Whether Negotiator Took Slice of Hacker Payments

By: msmash
2 July 2025 at 18:40
An anonymous reader shares a report: Law enforcement officials are investigating a former employee of a company that negotiates with hackers and facilitates cryptocurrency payments during ransomware attacks, according to a statement from the firm, DigitalMint. DigitalMint President Marc Jason Grens this week told organizations it works with that the US Justice Department is examining allegations that the then-employee struck deals with hackers to profit from extortion payments, according to a person familiar with the matter. Grens did not identify the employee by name and characterized their actions as isolated, said the person, who spoke on condition that they not be identified describing private conversations. DigitalMint is cooperating with a criminal investigation into "alleged unauthorized conduct by the employee while employed here," Grens said in an email to Bloomberg News. The Chicago-based company is not the target of the investigation and the employee "was immediately terminated," Grens said, adding that he can't provide more information because the probe is ongoing.

Apple Accuses Former Engineer of Taking Vision Pro Secrets To Snap

By: BeauHD
2 July 2025 at 00:45
Apple has filed (PDF) a lawsuit against former Vision Pro engineer Di Liu, accusing him of stealing thousands of confidential files related to his work on Apple's augmented reality headset for the benefit of his new employer Snap. The company alleges Liu misled colleagues about his departure, secretly accepted a job offer from Snap, and attempted to cover his tracks by deleting files -- actions Apple claims violated his confidentiality agreement. The Register reports: Liu secretly received a job offer from Snap on October 18, 2024, a role the complaint describes as "substantially similar" to his Apple position, meaning Liu waited nearly two weeks to resign from Apple, per the lawsuit. "Even then, he did not disclose he was leaving for Snap," the suit said. "Apple would not have allowed Mr. Liu continued access had he told the truth." Liu allegedly copied "more than a dozen folders containing thousands of files" from Apple's filesystem to a personal cloud storage account, dropping the stolen bits in a pair of nested folders with the amazingly nondescript names "Personal" and "Knowledge." Apple said that data Liu copied includes "filenames containing confidential Apple product code names" and files "marked as Apple confidential." Company research, product design, and supply chain management documents were among the content Liu is accused of stealing. The complaint also alleges that Liu deleted files to conceal his activities, a move that may hinder Apple's ability to determine the full scope of the data he exfiltrated. "Mr. Liu additionally took actions to conceal his theft, including deceiving Apple about his job at Snap, and deleting files from his Apple-issued computer that might have let Apple determine what data Mr. Liu stole," the complaint noted. Whatever he has, Apple wants it back. The company demands a jury trial on a single count of breach of contract under a confidentiality and intellectual property agreement Liu was bound to. 
It also asks the court to compel Liu to return all misappropriated data, award damages to be determined at trial, and reimburse Apple's costs and attorneys' fees.

IT Worker Sentenced To Seven Months After Trashing Company Network

By: msmash
1 July 2025 at 19:20
An anonymous reader shares a report: A judge has sentenced a disgruntled IT worker to more than seven months in prison after he wreaked havoc on his employer's network following his suspension, according to West Yorkshire Police. According to the police, Mohammed Umar Taj, 31, from the Yorkshire town of Batley, was suspended from his job in nearby Huddersfield in July 2022. But the company didn't immediately rescind his network credentials, and within hours, he began altering login names and passwords to disrupt operations, the statement says. The following day, he allegedly changed access credentials and the biz's multi-factor authentication settings that locked out the firm and its clients in Germany and Bahrain, eventually causing an estimated $274,200 in lost business and reputational harm.
