Threatsday Bulletin: Whatsapp Hijacks, Mcp Leaks, AI Recon,...

This week's ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from.

From shifting infrastructures to clever social hooks, the week's activity shows just how fluid the threat landscape has become.

Here's the full rundown of what moved in the cyber world this week.

Authorities from the Czech Republic, Latvia, Lithuania, and Ukraine, along with Eurojust, took action against a criminal network operating call centers in Dnipro, Ivano-Frankivsk, and Kyiv that scammed more than 400 victims across Europe out of more than €10 million ($11.7 million). "The criminal group established a professional organisation with employees who received a percentage of the proceeds for each completed scam," Eurojust said. "The fraudsters used various scams, such as posing as police officers to withdraw money using their victims' cards and details, or pretending that their victims' bank accounts had been hacked. They convinced their victims to transfer large sums of money from their 'compromised' bank accounts to 'safe' bank accounts controlled by the network. They also lured victims into downloading remote access software and entering their banking details, enabling the criminal group to access and control the victims' bank accounts." The call centers employed approximately 100 people and were recruited from the Czech Republic, Latvia, Lithuania, and other countries. They played different roles, ranging from making calls and forging official certificates from the police and banks to collecting cash from their victims. Employees who successfully managed to obtain money from their victims would receive up to 7% of the proceeds to encourage them to continue the scam. The criminal enterprise also promised cash bonuses, cars, or apartments in Kyiv for employees who obtained more than €100,000. The operation led to the arrest of 12 suspects on December 9, 2025. Authorities also seized cash, 21 vehicles, and various weapons and ammunition.

The U.K. government reportedly will "encourage" Apple and Google to prevent phones from displaying nude images except when users verify that they are adults. According to a new report from The Financial Times, the push for nudity-detection won't be a legal requirement "for now," but is said to be part of the government's strategy to tackle violence against women and girls. "The U.K. gov

Source: The Hacker News