‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested

securityweek.com·May 22, 2026

The FBI has reported that First VPN has been utilized by multiple ransomware groups for network reconnaissance and intrusions, leading to the disruption of the service and the arrest of its administrator.

The key learning for you is to prioritize monitoring and potentially blocking VPN services that are frequently exploited by cybercriminals for network reconnaissance and intrusions, such as First VPN, as part of your threat intelligence and incident response strategy.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

darkreading.com
[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You
The virtual event "Anatomy of a Data Breach: What to Do if it Happens to You," scheduled for June 18, 2026, aims to equip SecOps teams with knowledge on vulnerabilities and incident response strategies to better prepare for potential cyberattacks. Participants will explore the latest tools and best practices to help prevent becoming victims of data breaches.
bleepingcomputer.com
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
Hackers, identified as DriveSurge, have compromised thousands of websites to execute large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques, which trick users into downloading malicious software. The campaigns utilize a Traffic Distribution System (zTDS) to redirect visitors and employ social engineering tactics to facilitate malware infections.
bleepingcomputer.com
Red Hat npm packages compromised to steal developer credentials
Over 30 npm packages from Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack, distributing a new variant of credential-stealing malware called "Miasma." The malicious packages were designed to steal sensitive developer credentials and were removed by Red Hat upon discovery, with no impact reported on customer environments.
bleepingcomputer.com
Spain arrests doxer leaking sensitive data of govt employees
The Spanish National Police have arrested an individual responsible for leaking sensitive personal data of government employees, including those from key state organizations such as the National Cybersecurity Institute. The leak posed significant national security risks, prompting an urgent investigation and raid on the suspect's residence.
securityweek.com
WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites
A critical vulnerability in the WP Maps Pro WordPress plugin, tracked as CVE-2026-8732, is being exploited by threat actors to take over websites by allowing unauthenticated users to create administrative accounts. The issue has been addressed in version 6.1.1 of the plugin, which now includes capability checks to restrict access.

Browse all Cybersecurity News →

‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested

Want more content like this?

More from Cybersecurity News

[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

Red Hat npm packages compromised to steal developer credentials

Spain arrests doxer leaking sensitive data of govt employees

WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites