Spanish police have arrested a 20-year-old man accused of hacking a hotel booking website to reserve luxury rooms for as little as one cent. According to police, the suspect allegedly altered the validation process of an electronic payment platform, which made bookings appear fully paid, when in fact only one cent was charged for rooms costing up to €1,000 ($1,500) per night.

The man, a Spanish national, is also accused of consuming minibar items during his stays and occasionally leaving additional bills unpaid. At the time of his arrest, he was staying at a luxury hotel in Madrid with a four-night reservation totaling €4,000. Authorities said he had stayed at the same hotel multiple times, causing losses exceeding €20,000.

The investigation began earlier this month after an online booking platform reported suspicious activity. Although transactions initially appeared to have been completed correctly, irregularities were uncovered days later when the payment platform transferred the actual amounts received to the affected company.

A Dutch man arrested for alleged police extortion

Dutch authorities have arrested a 40-year-old man from Ridderkerk on suspicion of computer hacking and attempted extortion of the local police force.

The suspect was taken into custody after he allegedly accessed and downloaded confidential police documents due to an internal police error. Officers later searched his home and seized data storage devices to secure the sensitive files and prevent their possible distribution.

According to police, the incident began on February 12, when the man contacted authorities in connection with a separate ongoing investigation. He claimed to possess images that could be relevant to the case. An officer sent him a link intended for uploading the material. However, due to a mistake, the man received a download link instead, which granted him access to confidential police files.

The man proceeded to download the documents. When police realized the error, they instructed him to stop and delete the files. He allegedly refused, saying he would only comply if he “received something in return.”

Authorities say the demand prompted the decision to arrest him on suspicion of computer intrusion and extortion. Police have since reported the data breach internally and launched an investigation into both the security lapse and the suspect’s actions. Officials said that the arrest was necessary to recover the confidential information and to prevent further dissemination of sensitive material. The investigation remains ongoing.

Suspected Phobos ransomware affiliate arrested in Poland

Polish authorities have detained a 47-year-old man suspected of being involved in the Phobos ransomware activities and seized electronic devices containing stolen data. Officers from Poland’s Central Bureau of Cybercrime Control (CBZC) arrested the suspect in the Małopolska region during a joint operation involving units from Katowice and Kielce. The action was carried out as part of “Operation Aether,” an international law enforcement effort coordinated by Europol targeting the infrastructure and affiliates of the Phobos ransomware network.

During a search of the suspect’s home, police found computers and mobile phones containing files with login credentials, passwords, credit card numbers, and server IP addresses. Authorities also determined that the suspect allegedly communicated with members of the Phobos group using encrypted messaging applications.

The man now faces charges under Article 269b of Poland’s Criminal Code for producing, acquiring, and distributing software designed to unlawfully obtain information from computer systems. If convicted, he faces up to five years in prison.

Phobos is a long-running ransomware-as-a-service (RaaS) operation believed to be an evolution of the Crysis (Dharma) malware family. While less publicly known, the operation remains one of the most prolific. In particular, between May and November 2024, Phobos accounted for roughly 11% of submissions to the ID Ransomware tracking service. The US authorities have previously linked the group to breaches at more than 1,000 public and private organizations globally, with ransom payments exceeding $16 million.

Operation Aether has targeted individuals across multiple levels of the Phobos network, including backend infrastructure operators and affiliates responsible for network intrusions and data encryption. In February 2025, four European hackers were arrested as part of a joint effort by Thai, Swiss, and US authorities in connection to Phobos, and the US Department of Justice charged two Russian nationals for operating the ransomware.

In November 2024, an alleged Phobos administrator was extradited to the United States. Another suspected Phobos affiliate was arrested in Italy in 2023.

Ukrainian police detain two men over $115,000 hospital fraud

Ukrainian cyberpolice have detained two men suspected of stealing more than $115,000 in government funds from a local hospital in the Sumy region.

According to the authorities, the suspects gained unauthorized access to a hospital accountant’s computer by using remote administration software. This allowed them to interfere in the hospital’s financial operations and illegally transfer budget funds to accounts linked to their own company.

After examining digital evidence and financial transactions, police officers identified the alleged perpetrators as two residents of the Volyn region, aged 45 and 40. Law enforcement officials said that nearly 4.98 million hryvnias (approximately $115,000) were transferred to the account of a limited liability company owned by one of the suspects.

During the pre-trial investigation, police conducted five court-authorized searches at the suspects’ residences. Officers seized computer equipment, mobile phones, data storage devices, bank cards, cash, and other items.

The two men have been formally notified of suspicion on charges of unauthorized interference in information systems and large-scale theft under Ukraine’s Criminal Code. Authorities are currently deciding on preventive measures for the suspects as the investigation continues.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

A phisher sentenced to 8 years for $1.3M tax fraud involving Warzone RAT

A Nigerian national who had been living in Mexico was sentenced in the United States for orchestrating a years-long scheme to hack tax preparation firms and file fraudulent tax returns. Matthew A. Akande, 37, was sentenced to eight years in prison, followed by three years of supervised release. He was also ordered to pay over $1,3 million in restitution.

Akande was arrested in October 2024 at Heathrow Airport in the UK at the request of the United States. He was extradited to the US on March 5, 2025. A federal grand jury indicted him in July 2022 on multiple charges, including conspiracy to obtain unauthorized access to protected computers in furtherance of fraud, wire fraud, theft of government money, and aggravated identity theft.

According to court documents, between June 2016 and June 2021, Akande and his co-conspirators stole taxpayers’ personally identifiable information (PII) and used it to file fraudulent tax returns seeking refunds from the Internal Revenue Service.

The scheme targeted five Massachusetts tax preparation firms. Akande was responsible for sending phishing emails posing as prospective clients seeking tax services. The emails were designed to trick recipients into downloading remote access malware, including Warzone RAT.

Once installed, the malware allowed Akande to access sensitive client data, including prior-year tax information. He then used the information to file fraudulent returns directing refunds to bank accounts opened by co-conspirators in the US. The funds were then withdrawn in cash and partially transferred to third parties in Mexico at Akande’s direction, with accomplices keeping a share.

Prosecutors said Akande and his associates filed more than 1,000 fraudulent tax returns over approximately five years, seeking more than $8.1 million in refunds. Authorities said the scheme netted more than $1.3 million in fraudulent tax refunds before it was uncovered.