✨ The Containment Era is here. Secure AI workloads before they breach. →The Containment Era is here. →The Containment Era is here. →Explore ✨
Gambling/Casinos
Breach intelligence, attack campaigns, and threat reports targeting the Gambling/Casinos sector.
Explore Other Sectors
Gambling/Casinos Threat Reports
DraftKings 2022 Credential Stuffing Attack: A Case Study
In November 2022, DraftKings, a prominent fantasy sports and betting platform, experienced a credential stuffing attack that compromised approximately 60,000 user accounts. The attackers, led by Nathan Austad, known online as "Snoopy," exploited reused login credentials to gain unauthorized access. In about 1,600 cases, they added new payment methods to the compromised accounts and withdrew funds, resulting in approximately $600,000 in losses. The remaining compromised accounts were sold on cybercriminal marketplaces. Austad was sentenced to 18 months in federal prison, ordered to serve three years of supervised release, pay over $1.3 million in restitution, and forfeit an additional $463,000. This incident underscores the persistent threat of credential stuffing attacks, particularly in the online betting industry, where user accounts often contain sensitive financial information. It highlights the critical need for robust password policies, multi-factor authentication, and user education to prevent unauthorized access and financial losses.
22 hours ago
Kill Chain
DraftKings 2022 Credential Stuffing Attack: A Case Study
In November 2022, DraftKings, a prominent sports betting platform, experienced a credential stuffing attack that compromised approximately 68,000 user accounts. Attackers exploited reused or weak passwords to gain unauthorized access, leading to the theft of nearly $300,000 from customer accounts. The company promptly reimbursed affected users and emphasized the importance of unique passwords and two-factor authentication to enhance account security. This incident underscores the growing threat of credential stuffing attacks, where cybercriminals leverage stolen credentials from previous breaches to infiltrate accounts on other platforms. The DraftKings case highlights the critical need for robust password practices and multi-factor authentication to mitigate such risks.
1 day ago
Kill Chain
Google Engineer Arrested for Insider Trading on Polymarket
In May 2026, Michele Spagnuolo, a 36-year-old Google security engineer, was arrested in New York for allegedly using confidential internal data to profit on the Polymarket prediction platform. Spagnuolo accessed nonpublic 'Year in Search' data to place bets on the most searched individuals of 2025, resulting in over $1.2 million in gains. He faces charges including commodities fraud, wire fraud, and money laundering, with potential sentences totaling up to 50 years in prison. This incident underscores the growing scrutiny of insider trading within emerging financial platforms like prediction markets. It highlights the critical need for robust internal controls and monitoring to prevent the misuse of proprietary information, especially as digital platforms become increasingly integrated into financial activities.
3 weeks ago
Kill Chain
U.S. Government Targets Southeast Asian Cyber Scam Networks Exploiting Forced Labor
In April 2026, the U.S. government executed a coordinated crackdown on Southeast Asian cyber scam operations targeting American citizens. This initiative led to the indictment of two Chinese nationals managing a scam compound in Myanmar, sanctions against 29 individuals—including a Cambodian senator—and the seizure of over 500 fraudulent investment websites. These operations exploited forced labor to conduct social engineering attacks, deceiving victims into transferring funds to fake cryptocurrency investment platforms. The financial impact on American victims was substantial, with losses amounting to billions of dollars. This incident underscores the escalating threat posed by transnational cybercrime networks employing sophisticated social engineering tactics. The involvement of high-ranking officials and the use of forced labor highlight the complexity and scale of these operations. It also reflects the increasing collaboration between international law enforcement agencies to combat such threats, emphasizing the need for continuous vigilance and adaptive cybersecurity measures.
2 months ago
Kill Chain
Scattered Spider Hacker Arrested in Finland Faces U.S. Charges
In April 2026, a 19-year-old dual U.S. and Estonian citizen, known online as "Bouquet," was arrested at Helsinki Airport in Finland while attempting to board a flight to Japan. U.S. federal prosecutors have charged him with wire fraud, conspiracy, and computer intrusion, alleging his involvement in at least four cyberattacks orchestrated by the Scattered Spider hacking group. These attacks, dating back to March 2023, targeted multiple large corporations, resulting in millions of dollars in ransom payments and significant operational disruptions. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/us-reportedly-charges-scattered-spider-hacker-arrested-in-finland/?utm_source=openai)) This arrest underscores the persistent threat posed by cybercriminal groups like Scattered Spider, which employ sophisticated social engineering tactics to infiltrate organizations. The incident highlights the critical need for robust cybersecurity measures, including advanced threat detection and employee training, to mitigate the risks associated with such attacks.
1 month ago
Kill Chain
DraftKings Credential-Stuffing Attack Results in 30-Month Prison Sentence
In November 2022, DraftKings, a prominent sports betting platform, experienced a credential-stuffing attack that compromised nearly 68,000 user accounts. Attackers utilized previously stolen credentials to gain unauthorized access, leading to the theft of approximately $635,000 from around 1,600 accounts. The perpetrators, including Nathan Austad and Joseph Garrison, sold access to these accounts, with accomplice Kamerin Stokes reselling them through his own platform. Stokes, known online as 'TheMFNPlug,' continued his illicit activities even after initial legal actions, reopening his shop with the tagline 'fraud is fun.' This incident underscores the persistent threat of credential-stuffing attacks, especially in industries handling sensitive financial information. The case highlights the importance of robust cybersecurity measures and the need for users to employ unique, strong passwords across different platforms to mitigate such risks.
2 months ago
Kill Chain
Torg Grabber: The Infostealer Targeting Cryptocurrency Wallets
In March 2026, cybersecurity researchers identified 'Torg Grabber,' a sophisticated infostealer malware targeting 728 cryptocurrency wallet browser extensions. The malware gains initial access through the 'ClickFix' technique, hijacking the clipboard to execute malicious PowerShell commands. Once inside, Torg Grabber exfiltrates sensitive data from 25 Chromium-based browsers and 8 Firefox variants, including credentials, cookies, and autofill data. It also targets 103 password managers and two-factor authentication tools, as well as 19 note-taking applications. The malware employs advanced evasion tactics, such as multi-layered obfuscation and reflective loading, to remain undetected. ([asec.ahnlab.com](https://asec.ahnlab.com/en/92902/?utm_source=openai)) The rapid development and deployment of Torg Grabber underscore a growing trend in the cyber threat landscape: the convergence of infostealers and ransomware. This evolution highlights the increasing sophistication of cybercriminals and the urgent need for organizations to enhance their security measures to protect sensitive data and digital assets. ([cyfirma.com](https://www.cyfirma.com/research/the-convergence-of-infostealers-and-ransomware-from-credential-harvesting-to-rapid-extortion-chains/?utm_source=openai))
3 months ago
Kill Chain
Operation Synergia III: A Landmark in Global Cybercrime Enforcement
Between July 2025 and January 2026, INTERPOL coordinated Operation Synergia III, a global initiative involving 72 countries aimed at dismantling cybercriminal infrastructures. The operation resulted in the sinkholing of 45,000 malicious IP addresses, seizure of 212 electronic devices and servers, and the arrest of 94 individuals, with an additional 110 suspects under investigation. Notable actions included the arrest of 10 individuals in Togo involved in social engineering schemes and the identification of over 33,000 phishing websites in Macau impersonating financial institutions to steal sensitive information. This operation underscores the escalating sophistication and global reach of cybercrime, highlighting the necessity for international collaboration in combating these threats. The success of Operation Synergia III demonstrates the effectiveness of coordinated efforts in disrupting cybercriminal networks and mitigating their impact on global security.
3 months ago
Kill Chain
INTERPOL's Global Crackdown: 45,000 Malicious IPs Dismantled, 94 Arrested
Between July 18, 2025, and January 31, 2026, INTERPOL coordinated a global operation involving 72 countries, resulting in the dismantling of 45,000 malicious IP addresses and servers associated with phishing, malware, and ransomware activities. This effort led to the arrest of 94 individuals and the seizure of 212 electronic devices and servers. Notable actions included the arrest of 40 suspects in Bangladesh linked to various cybercrimes and the identification of over 33,000 fraudulent websites in Macau targeting critical infrastructure. This operation underscores the escalating threat of transnational cybercrime and the necessity for coordinated international responses. The increasing sophistication and scale of cybercriminal activities highlight the urgent need for enhanced cybersecurity measures and global cooperation to protect individuals and organizations from emerging digital threats.
3 months ago
Kill Chain
Apple 2026: Coruna Exploit Kit Targets iOS Devices
In early 2025, the Coruna exploit kit emerged as a sophisticated tool targeting Apple iOS devices, leveraging 23 vulnerabilities across five exploit chains to compromise devices running iOS versions 13.0 through 17.2.1. Initially utilized by a surveillance vendor's client, it was later deployed by Russian state-backed group UNC6353 in mid-2025 and by Chinese financially motivated actor UNC6691 by late 2025, leading to significant data breaches and financial losses. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/spyware-grade-coruna-ios-exploit-kit-now-used-in-crypto-theft-attacks/?utm_source=openai)) The Coruna exploit kit's evolution underscores the escalating sophistication of cyber threats targeting mobile devices, highlighting the critical need for timely security updates and robust defense mechanisms to protect sensitive user data and maintain device integrity.
3 months ago
Kill Chain
Spanish Authorities Dismantle Online Gambling Ring Exploiting Ukrainian Women
In March 2026, Spanish and Ukrainian law enforcement authorities dismantled a criminal network that exploited vulnerable Ukrainian women to facilitate an online gambling scheme, laundering approximately €4.75 million in illicit proceeds. The organization targeted women displaced by the war in Ukraine, bringing them to Spain under the guise of providing assistance. Once in Spain, the victims were coerced into opening bank accounts and credit cards, which the criminals then controlled to conduct fraudulent online gambling activities. The operation led to the arrest of 12 suspects and the seizure of significant assets, including mobile phones, computers, vehicles, and frozen bank accounts across multiple countries. This incident underscores the increasing trend of cybercriminals exploiting vulnerable populations to facilitate financial crimes. The use of sophisticated methods, such as automated betting systems and identity theft, highlights the evolving nature of online fraud and the necessity for robust international cooperation to combat such transnational criminal activities.
3 months ago
Kill Chain
Europol's Project Compass Dismantles The Com Cybercriminal Network
In January 2025, Europol initiated 'Project Compass,' a collaborative effort involving law enforcement agencies from 28 countries, including the United States, to dismantle 'The Com,' a decentralized cybercriminal network notorious for targeting minors through cyberattacks, extortion, and exploitation. Over the course of a year, this operation led to the arrest of 30 individuals and the identification of 179 suspects associated with The Com. Authorities also identified 62 victims, directly safeguarding four of them from further harm. The Com's activities encompassed a range of cybercrimes, including ransomware attacks on prominent organizations and the coercion of minors into producing explicit content. ([cyberscoop.com](https://cyberscoop.com/project-compass-the-com-europol/?utm_source=openai)) The significance of this operation lies in its demonstration of the effectiveness of international cooperation in combating complex cybercriminal networks. The Com's exploitation of digital platforms to recruit and victimize young individuals underscores the urgent need for enhanced cybersecurity measures and public awareness to protect vulnerable populations from such threats. ([infosecurity-magazine.com](https://www.infosecurity-magazine.com/news/project-compass-com-arrests/?utm_source=openai))
3 months ago
Kill Chain
Stop Active Cloud Data Exfiltration
Aviatrix Breach Lock helps teams instantly identify what data is leaving the environment, from which workload, and where it’s going — during an active breach.
Looking for threats in a different sector?
Browse All Threat Reports