We’ve compiled the most important cybersecurity news from the past week.

  • The FBI estimates cybercrime losses at $21 billion.
  • Chrome has implemented chip-level protection against infostealers.
  • In Ukraine, authorities have uncovered "cryptocurrency trading assistants".
  • Researchers have discovered new computer hacking methods.

FBI Estimates Cybercrime Losses at $21 Billion

Victims in the U.S. lost approximately $21 billion due to cybercrime, according to the FBI's report for 2025.

Key incidents included investment scams, business email compromise, tech support fraud, and data breaches. The agency reported a 26% increase compared to 2024.

Victims most frequently reported:

  • Phishing — 191,000 cases;
  • Ransomware — 89,000;
  • Investment schemes — 72,000.

Investment schemes accounted for 49% of all reported incidents, with losses totaling $8.6 billion. However, the most significant damage came from cryptocurrency-related crimes, with losses exceeding $11 billion across 181,565 cases.

Key facts from the report include:

  • Cyber fraud appeared in 453,000 complaints, resulting in $17.7 billion in losses;
  • Americans over 60 were hit hardest, suffering $7.7 billion in losses (a 37% increase year-over-year);
  • For the first time, the report included AI-related fraud (voice cloning, fake profiles, forged documents, and deepfake videos): 22,300 complaints with damages of $893 million.

Chrome Implements Chip-Level Protection Against Infostealers

Google has launched Device Bound Session Credentials (DBSC) technology in Chrome version 146 for Windows. This feature aims to prevent malware from stealing and using cookies.

Session cookies serve as authentication tokens, allowing users to log into accounts without re-entering their username and password. Infostealers like GlassWorm and LummaC2 have learned to effectively extract this data from memory or local browser files.

The DBSC technology cryptographically ties the user session to specific hardware — the computer's security chip:

  • On Windows — Trusted Platform Module;
  • On macOS — Secure Enclave.

Protection mechanism:

  • The chip generates a unique pair of public and private keys;
  • The private key cannot be exported outside the device;
  • To issue new short-term session cookies, Chrome must prove to the server that it possesses the corresponding private key.

If a hacker steals the cookies, they become useless almost immediately, as the server will not validate the session without the key stored in the hardware. macOS users will gain access to this feature in a future Chrome update.
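The proof-of-possession refresh described above, modeled in Node.js as an added example; it is not Google's code and does not reproduce the DBSC wire format. `makeDevice`, `SessionServer` and the 10-minute cookie lifetime are assumptions made for illustration, and a closure stands in for the TPM.

```javascript
// Simplified model of a device-bound session (illustrative, not the DBSC protocol itself).
const nodeCrypto = require('node:crypto');

const COOKIE_TTL_MS = 10 * 60 * 1000; // assumed short cookie lifetime

// Stand-in for the TPM / Secure Enclave: the private key never leaves this closure.
function makeDevice() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    sign: (challenge) => nodeCrypto.sign('sha256', Buffer.from(challenge), privateKey),
  };
}

class SessionServer {
  constructor() { this.sessions = new Map(); }

  // Registration: bind the session to the device's public key.
  register(sessionId, publicKeyPem) {
    this.sessions.set(sessionId, { publicKeyPem, challenge: null });
  }

  // Every refresh starts with a fresh, single-use challenge.
  issueChallenge(sessionId) {
    const session = this.sessions.get(sessionId);
    if (!session) return null;
    session.challenge = nodeCrypto.randomBytes(32).toString('hex');
    return session.challenge;
  }

  // A new short-lived cookie is issued only for a valid signature over the outstanding challenge.
  refresh(sessionId, challenge, signature, now = Date.now()) {
    const session = this.sessions.get(sessionId);
    if (!session || !session.challenge || challenge !== session.challenge) return null;
    session.challenge = null; // consume it so a captured proof cannot be replayed
    const ok = nodeCrypto.verify('sha256', Buffer.from(challenge), session.publicKeyPem, signature);
    if (!ok) return null;
    return { value: nodeCrypto.randomBytes(16).toString('hex'), expiresAt: now + COOKIE_TTL_MS };
  }
}

// A cookie copied off the machine stops working once it expires,
// and it cannot be renewed without the device's private key.
function cookieValid(cookie, now = Date.now()) {
  return cookie !== null && now < cookie.expiresAt;
}
```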

Ukrainian Authorities Uncover "Cryptocurrency Trading Assistants"

Ukrainian law enforcement has uncovered a scheme to steal cryptocurrency under the guise of providing trading assistance to "increase profits," reports the Cyber Police.

According to the investigation, the criminals targeted potential victims in themed Telegram channels. Users were sent links to fake websites that mimicked trading platforms but contained malware — cryptodrainers.

Once victims connected their wallets to such sites, they effectively granted the criminals full access to their assets without additional confirmation.

Scale of the damage:

  • In one case, the suspects stole approximately 95,000 USDT;
  • In another, they took over 1,000 USDT.

The stolen funds were transferred between wallets, exchanged for other assets, and converted to cash.

Law enforcement conducted 20 simultaneous searches at the residences of group members and their office. They seized computer equipment, mobile phones, cash, and records confirming illegal activities.

Four participants, including the co-organizer, have been charged with large-scale fraud and money laundering.

These charges carry a penalty of up to 12 years in prison with asset confiscation.

Researchers Discover New Computer Hacking Methods

Three research groups have introduced new types of attacks on Nvidia graphics card memory that can provide hackers with privileged access to machines by using "bit flips" in memory.

Memory cells store information as electrical charges, which determine whether a bit is 1 or 0. A Rowhammer attack repeatedly accesses certain cells to disturb the charge in neighboring cells, causing a "bit flip".

New Rowhammer attacks targeting GDDR6 video memory include:

  • GDDRHammer. This attack targets RTX 6000 on the Ampere architecture. By using new "hammering" patterns, researchers achieved an average of 129 bit flips per memory bank, which is 64 times more than last year's GPUHammer. This attack allows the hacker to gain access to the CPU;
  • GeForge operates similarly but manipulates the memory page directory. Researchers achieved 1,171 bit flips on RTX 3060 and 202 on RTX 6000. They claim this is the first GPU-Rowhammer that allows privilege escalation to root level;
  • GPUBreach. The attacker forces a kernel-privileged driver to perform an out-of-bounds write. The attack was demonstrated on the RTX A6000, a model widely used for AI training.

A team from Toronto informed Nvidia, Google, AWS, and Microsoft about these findings back in November 2025. In response, Google awarded the researchers $600 through its bug bounty program. Nvidia representatives indicated they might update their previous security bulletin related to GPUHammer.

Hackers Exploit Old Vulnerability in AI Platform Flowise

Hackers have begun actively exploiting a high-severity vulnerability in the AI platform Flowise. Cybersecurity expert Caitlin Condon from VulnCheck reported this.

The tool is designed for creating applications based on LLMs using AI agents, even for users without technical skills.

According to Condon, the flaw allows JavaScript code to run without any security checks. The vulnerability was publicly disclosed last September, with a warning that successful exploitation could lead to command execution and access to the file system.

The issue lies in the Flowise CustomMCP node, which allows configuring connections to external servers. At the time of discovery, the activity was limited and originated from a single Starlink IP address.

There are between 12,000 and 15,000 custom instances of Flowise available online. It remains unclear what percentage of them are still vulnerable.

Condon recommended that users update their software to version 3.1.1 (or at least 3.0.6) and consider disconnecting instances from the internet if external access is not necessary.

In the U.S., Scammers Sent Phishing SMS with QR Code

Scammers have sent fake SMS messages about unpaid traffic fines, posing as courts from various U.S. states. This was reported by BleepingComputer.

The QR code directed recipients to a phishing site for a $6.99 payment, leading to the theft of personal and financial information.

According to media reports, this new campaign began several weeks ago. One user shared a message targeting New York residents. Similar SMS messages were sent to victims in other states.

Unlike previous campaigns that contained regular links, this version used an image of a supposed court notice.

The message claimed to be sent from the "New York City Criminal Court." Recipients were threatened with either immediate payment of a parking or toll violation fine or a court appearance.

How the phishing works:

  1. The scanned code led to an intermediary site for solving a CAPTCHA, designed to evade automated security systems.
  2. After that, users were directed to a site mimicking the Department of Motor Vehicles or another agency. In all examples, the "debt" amount was the same.
  3. Clicking the payment button opened a form for entering personal and credit card information.

According to media reports, the stolen information could later be used for fraud and identity theft.

Also on ForkLog:

  • Unknown attackers targeted the Hyperliquid vault via a pump of FARTCOIN.
  • The password "123456" exposed a network of IT workers from North Korea in the crypto industry.
  • Bitcoin ATM operator Bitcoin Depot reported a hack totaling $3.7 million.
  • OpenAI will enhance measures to protect children.
  • DEX Stabble urged users to withdraw assets due to threats from North Korean hackers.
  • Anthropic restricted public access to the AI model Mythos after its "escape from the lab".
  • Bitcoin Core will conduct a public demonstration of Bitcoin consensus vulnerabilities.
  • Solana projects will receive a unified response system for hacks.
  • North Korean agents secretly wrote code for leading DeFi projects for seven years.
  • Details of a $280 million hack at Drift Protocol were revealed.

What to Read This Weekend?

In a new article, ForkLog, in collaboration with industry experts, explores how DAOs are evolving and what factors hinder decentralized organizations from taking their place.