An inmate at Târgu Jiu Penitentiary had managed to hack into Romania’s national prison computer system, tampering with sensitive data including inmate sentences and financial accounts. 36-year-old inmate Aurel Z., currently serving a nearly ten-year sentence for financial fraud, accessed the system using an inmate information kiosk.

According to officials, he exploited credentials belonging to a former prison director at Dej Penitentiary Hospital, gaining administrator-level access to the nationwide network. Using this access, the inmate altered records for at least 15 prisoners, changing sentence durations, modifying inmate account balances, deleting purchase histories to trigger refunds, and granting access to restricted adult content.

The suspicious activity was uncovered after an accounting officer noticed discrepancies totaling over 10,000 lei (~$2,300) in unauthorized purchases and an unusual transaction involving 5 million lei (~$1.14 million) credited and then reduced to 5,000 lei in one account. The hacker also accessed personal data such as inmates’ phone numbers, disciplinary records, and religious affiliations.

The National Penitentiary Administration (ANP) and the Ministry of Justice have confirmed the incident and said that at least seven dormant user accounts were exploited during the intrusion. Currently, it's unclear what repercussions the inmate will face for his activities.

Major cybercrime SIM-box network dismantled in SIMCARTEL operation

European law enforcement agencies have dismantled a large-scale cybercriminal operation that enabled telecom fraud across the globe. The operation, codenamed ‘SIMCARTEL,’ targeted an illegal SIM-box service responsible for facilitating over 3,200 known fraud cases and causing at least €4.5 million in losses.

Investigators discovered 1,200 SIM-box devices and approximately 40,000 active SIM cards, which cybercriminals used to provide fake phone numbers for illicit activities, including phishing, investment scams, impersonation, and extortion.

Authorities carried out a series of raids that saw five Latvian nationals arrested, along with two additional suspects. During the raids, law enforcement seized hundreds of thousands of SIM cards, five servers, two websites, four luxury vehicles, and froze €431,000 in bank accounts and $333,000 in cryptocurrency.

The criminal network operated via two websites that allowed users to rent phone numbers registered in over 80 countries, enabling them to create and verify more than 49 million fraudulent online accounts. According to Europol, the SIM-box network supported a wide range of crimes, from online marketplace scams and fake investment platforms to impersonation of police officers and WhatsApp money transfer frauds.

Myanmar shuts down major online scam hub, detains over 2,000

Myanmar authorities have dismantled a massive online scam operation near the Thai border, detaining more than 2,000 people and confiscating high-tech equipment, including dozens of Starlink satellite internet terminals.

The raid targeted KK Park, a well-known cybercrime hub, as part of a wider crackdown on online fraud, illegal gambling, and cross-border cybercrime that began in early September. Authorities discovered over 260 unregistered buildings and seized 30 sets of Starlink terminals used to maintain internet access in the remote area.

Myanmar has become notorious as a base for international cyberscam operations, where victims are lured online through fake romantic relationships and fraudulent investment schemes. The criminal networks frequently recruit foreign workers, luring them with false job offers, only to detain them and force them into participating in scams.

Earlier in October, the US and UK imposed sanctions on organizers of a similar cybercrime ring in Cambodia, with the alleged ringleader indicted in a US federal court.

A man jailed for spamming Tube commuters with fraudulent texts using SMS blaster

A man who used an SMS blaster to spam hundreds of London Underground commuters with fraudulent messages during rush hour has been jailed for 24 weeks, following a British Transport Police (BTP) investigation.

Kong Ji Chen, 31, was arrested after the police were alerted by a commuter about a suspicious text, purporting to be from “Parcel Mail,” prompting recipients to click a link and input personal details. The commuter noticed Chen loitering on the platform at Victoria station with a large suitcase but not boarding any trains.

Officers arrived at the scene and found Chen sitting alone with the suitcase. He claimed he was waiting for a friend and said the suitcase had been handed to him by another man earlier in the day. However, during the search of the bag, police officers found an SMS blaster.

A BTP officer later confirmed receiving the same spam message on their phone, linking it to the device. Investigators found that between 2:38pm and 10:37pm that day, mobile carriers received 165 reports of the same fraudulent text originating from the same number. Despite initially denying knowledge of the device, Chen eventually admitted his involvement. The court handed him a 24-week prison sentence for the offense.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

Japan makes first arrest over AI-generated sexual deepfake images

Tokyo police have made Japan’s first arrest related to the use of generative artificial intelligence to create and sell sexually explicit deepfake images of celebrities.

Hiroya Yokoi, a 31-year-old office worker from Akita Prefecture, was taken into custody on suspicion of producing and distributing obscene materials. Authorities allege that Yokoi generated thousands of fake explicit images featuring more than 260 female celebrities, including actors, idols, and news announcers.

Police said Yokoi has admitted to the charges. Investigators believe that between January and June 2025, he uploaded AI-generated images of three celebrities to an online platform. It is said that Yokoi began creating the images in October 2024 to supplement his income and repay student loans after seeing others profit from similar content. He allegedly promoted the images on social media, directing followers to a subscription site featuring around 20,000 deepfake images, with subscribers able to request custom creations for an extra fee.

At least 50 users reportedly subscribed, earning Yokoi about 1.2 million yen (roughly $8,000) over 11 months. Police say the suspect taught himself how to use AI tools through online tutorials and used freely available software to generate explicit content.

Earlier this month, an Australian citizen was fined around $350,000 for creating and distributing AI-generated deepfake explicit images of prominent women. Last year, a British man was jailed for over two years for creating deepfake pornographic images of children and women and sharing them online.