Cybersecurity Weekly: Fake Crypto Exchange, Telegram’s Alleged Ties to FSB, and Global Fraud Operations

We have compiled the most significant cybersecurity news from the past week.

The National Police of Ukraine in the Sumy region has uncovered an alleged operator of a fraudulent cryptocurrency exchange who misappropriated funds under the guise of Bitcoin trading.

According to the investigation, a 23-year-old resident of Kyiv Oblast created a facade of legitimate transactions involving digital assets, pocketing the money for himself. The total financial loss exceeded 7.6 million hryvnias (approximately $184,000).

During a search, law enforcement seized cash, a mobile phone, and a Lexus car.

The suspect has been charged with large-scale fraud.

Five individuals from China, the USA, and Turkey have pleaded guilty to being part of an international criminal organization that laundered over $36.9 million obtained through cryptocurrency investment scams, as reported by Bleeping Computer.

Accomplices living in Cambodia sought victims through social media and online dating services, operating under the name Axis Digital Limited. Funds were directed to an account at Deltec Bank in the Bahamas and then converted to USDT.

Some of the defendants have been in custody since 2024, acknowledging their roles in laundering stolen money through American shell companies, international bank accounts, and cryptocurrency wallets. They face prison sentences ranging from five to 25 years.

Law enforcement agencies from 26 countries, led by Interpol, have blocked over 20,000 IP addresses and domains associated with information-stealers in Southeast Asia.

Authorities seized 41 servers containing over 100 GB of data and arrested 32 individuals in Vietnam and Sri Lanka, including a leader of a certain group who was found with over 300 million dong (approximately $11,500) in cash.

These individuals are potentially linked to malware such as RisePro, META Stealer, and Lumma, which steal browser credentials, passwords, and cryptocurrency wallet contents.

Researchers at Brute Cat reported that users’ phone numbers linked to Google accounts could be obtained via an outdated account recovery form.

With JavaScript disabled, two POST requests allowed them to determine if a phone number was associated with a Google account based on the displayed profile name.

This vulnerability potentially opened the door for phishing attacks and SIM-swapping schemes.

Later, Google confirmed to Bleeping Computer that the issue has been fixed.

Researchers at HiddenLayer disclosed a security flaw in tokenization methods involving input manipulation. A single extra character or alteration of a word while retaining its meaning can bypass filters designed to detect malicious text input.

Of the tokenization methods, only Unigram proved resistant to the attack, dubbed TokenBreak.

Researchers from the University of Florida claimed that radio signals with recorded information could be intercepted during the sound processing of microphones in laptops, phones, and smart speakers.

Experts noted that microphones often activate automatically when playing audio or video content, regardless of user settings. Some remained operational even when services appeared to be turned off, creating opportunities for constant surveillance.

In their experiments, the researchers achieved an accuracy rate of up to 94.2% in recognizing spoken digits through a 25-centimeter concrete wall, with some transcriptions having an error rate of only 6.5%.

Investigative journalists from “Important Stories” revealed that the server infrastructure for Telegram is managed by the companies “Electrontelecom” and GlobalNet, which also serve secret facilities of the FSB. The outlet suggests that these entities may have access to user communications.

The investigation also alleges that a vulnerability in the messenger’s protocol, which allows the tracking of users’ activities and locations globally, might have been intentionally created for Russian intelligence needs.

In a statement to the BBC, Telegram representatives characterized the messenger as a global enterprise that “has contracts with various service providers worldwide,” asserting that none have “access to data or confidential infrastructure.”

“All Telegram servers are owned by Telegram and are maintained by Telegram employees,” the company stated.

They also added that the messenger “has never shared private messages with third parties, nor has its encryption ever been compromised.”

Experts from F6 reported a series of hacks targeting job applicants for software testing positions. Phishing advertisements were spotted in specialized Telegram groups, social media, and freelance websites.

Scammers ask users who respond to install malicious applications on their devices, which give the attackers access to SMS and push notifications from banking services.

Since April 2025, two scam groups employing this tactic have stolen over 14 million rubles from residents of Russia.
