A former infrastructure engineer has pleaded guilty to launching a cyber-attack against his employer, locking administrators out of hundreds of systems in an attempt to extort the company.

According to court documents, 57-year-old Daniel Rhyne of Kansas City, Missouri, accessed the network of an industrial firm between November 9 and November 25, 2023. Using an administrator account, he deployed malicious tasks on the company’s Windows domain controllers, deleting admin accounts and resetting passwords across the network.

Prosecutors said Rhyne changed the credentials of 13 domain administrator accounts and more than 300 user accounts to a single password, while also compromising thousands of local administrator accounts on workstations and servers. He further disrupted operations by programming systems to randomly shut down devices over several days. He then sent a ransom email to coworkers claiming the network had been fully compromised. The message warned that servers would be shut down daily unless the company paid 20 bitcoin, worth roughly $750,000 at the time.

Administrators quickly detected unusual password reset alerts and discovered that all domain administrator accounts had been deleted. Evidence was found that the attack had been planned in advance, including online searches related to bypassing system logs and remotely altering account credentials.

Rhyne was arrested in August and has since pleaded guilty to hacking and extortion charges. He now faces a potential sentence of up to 15 years in prison.

Convicted spyware maker avoids jail at sentencing

A US federal court has sentenced spyware developer Bryan Fleming to time served and a $5,000 fine. Fleming, who pleaded guilty in January of this year, was sentenced after admitting to creating, marketing, and selling spyware through his company pcTattletale.

Despite the seriousness of the charges, prosecutors had recommended against a custodial sentence or additional financial penalties. The court ultimately agreed, handing down a sentence that avoids jail time.

The investigation was led by Homeland Security Investigations (HSI), a division of US Immigration and Customs Enforcement, which brought charges in 2025 as part of a broader crackdown on the consumer spyware industry.

Spyware like pcTattletale is often categorized as “stalkerware,” tools that allow individuals to secretly monitor others’ devices. The apps can capture messages, photos, and even real-time location data, typically without the victim’s knowledge.

Court documents allege that Fleming knowingly helped customers who wanted to spy on non-consenting individuals, including adults with whom they had no employment relationship.

In another case, Philip Durachinsky, an Ohio man accused of creating and using the Fruitfly spyware to hack thousands of computers and steal sensitive data, has been released after spending over nine years in pretrial detention. Arrested in 2018 for malware he allegedly began developing as a teenager, he faced serious charges, including surveillance and child exploitation. A judge ordered his release, noting prosecutors had not brought the case to trial and that he had already served significant time. Local news outlets reported that Durachinsky will remain under strict conditions, living with his parents without internet access while preparing for trial.

Hospital contractor arrested for stealing data of over 50,000 patients

Hong Kong police have arrested a man working for a contractor commissioned by the Hospital Authority on suspicion of stealing the personal data of more than 50,000 patients.

The arrest came just days after the city’s privacy watchdog and police launched an investigation into a large-scale data breach affecting more than 56,000 patients served by the authority. Officials reported that the data had been accessed from the inside rather than via an external cyber-attack.

The suspect allegedly gained unauthorized access to a relevant system and stole sensitive patient information. His motive remains unclear, though authorities said the case does not involve blackmail or the sale of data on the Dark Web.

The breach compromised a wide range of personal details, including names, identity card numbers, gender, dates of birth, hospital visit records and information related to surgical procedures.

The Hospital Authority said its monitoring system detected suspicious activity and a potential data leak on a third-party platform. However, an internal review found no evidence of a cyber-attack on its network systems. The authority suspended the contractor’s system maintenance work and is cooperating fully with the ongoing investigation.

Ukraine dismantles fraud ring that stole crypto assets via drainer malware

Ukraine’s law enforcement authorities have dismantled a large-scale fraud scheme targeting both Ukrainian and foreign citizens. The group ran an underground call center and, posing as investment advisors, tricked victims into making deals on cryptocurrency exchanges.

The scheme generated nearly $100,000 in monthly profits for the gang. The fraudsters reportedly used popular Telegram channels to promote posts advertising seemingly profitable cryptocurrency projects.

Victims were directed to a fake website designed to mimic a well-known crypto investment service that hosted malicious code (a so-called drainer) designed to steal digital assets from victims’ crypto wallets.

During a series of 20 searches conducted at offices and residences linked to the suspects, investigators seized mobile phones, computer equipment, and cash believed to have been obtained through illegal activities.

Four suspects were arrested. If convicted, they face up to 12 years in prison, as well as confiscation of property.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

Cambodia’s new law on cyber scam operations introduces life imprisonment and hefty fines

Cambodia has recently passed a new law that gives strict punishments for people involved in cyber scam operations. Operators of scam compounds face 5–10 years in prison and fines of 500 million to 1 billion riel ($125,000–$250,000).

If torture or kidnapping is involved, sentences can reach 20 years and fines from 1 billion to 2 billion ($250,000 to $500,000). If deaths occur, they may face 30 years or life in prison.

Workers, even those who joined willingly, can get up to 10 years in prison and similar fines of 500 million to 1 billion riel ($125,000 to $250,000). Recruiters and trainers can face up to 5 years in prison and fines of 200 million to 500 million riel (about $50,000 to $125,000), which increase to 10 years and up to $250,000 if abuse or deaths happen.

People who collect or sell personal data to scammers can receive 3–5 years in prison and fines ranging from 100 million to 300 million riel ($25,000 to $75,000).