Risky Bulletin Risky Bulletin: Iranian password sprays came first, then came the missiles
15 snips
Apr 1, 2026 Cyber attacks tied to real-world strikes and the link between password spraying and missile targets. A major npm package was hijacked to deliver malware and another leaked source code via a map file. Legal fallout from crypto thefts and wash trading charges surfaced alongside long sentences for scam operators. Reports cover new phishing platforms, zero-days pushing malicious updates, and geopolitical threats to tech firms.
AI Snips
Chapters
Transcript
Episode notes
Nigerian Scammer Sentenced After Flaunting Loot
- A Nigerian national, Owulabi, received 15 years in US prison for classic Nigerian print scams that stole over $1.5 million.
- Prosecutors highlighted his social-media flaunting of stolen wealth when seeking a harsh sentence.
Flint 24 Sentenced Over Carding Marketplaces
- Russia sentenced 26 Flint 24 group members to 5–15 years for running extensive carding shops and selling citizens' data.
- Authorities dismantled the group in 2020, revealing long-running underground marketplaces for stolen Russian data.
Watch For Device Code Phishing Automation
- Monitor for device code phishing campaigns that abuse Microsoft device linking flows to gain access without credentials.
- The new Evil Tokens platform automates these attacks and has been used widely since February.