Phishing attacks occurring from September 2021 to April 2023 targeted employees at various companies. The attackers sent deceiving text messages posing as the victims’ IT departments. The phishing sites attempted to gain confidential information from employees. After gaining access, the suspects allegedly stole private information and millions of dollars worth of digital coins from cryptocurrency accounts. If convicted, the defendants face a maximum of 20 years in prison for wire fraud conspiracy and additional penalties for identity theft.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is