Security Affairs
U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Kosovo man pleads guilty to running online criminal marketplace BlackDB

Kosovo man Liridon Masurica pleaded guilty to running the cybercrime marketplace BlackDB. He was arrested in 2024. Kosovo citizen Liridon Masurica (33) of Gjilan, aka @blackdb, pleaded guilty to running the BlackDB cybercrime market. Kosovo police arrested Masurica on December 12, 2024 and he was extradited to the US. The online criminal marketplace BlackDB.cc has […]

Scattered Spider DOJ

Kosovo man Liridon Masurica pleaded guilty to running the cybercrime marketplace BlackDB. He was arrested in 2024.

Kosovo citizen Liridon Masurica (33) of Gjilan, aka @blackdb, pleaded guilty to running the BlackDB cybercrime market.

Kosovo police arrested Masurica on December 12, 2024 and he was extradited to the US.

The online criminal marketplace BlackDB.cc has been active sunce 2018, the platform offered for sale compromised credentials and PII used by crooks for tax fraud, credit card fraud, and identity theft.

The man was charged in the US with six fraud-related counts a few days before his arrest. Extradited on May 9, he appeared in court on May 12.

The Kosovo citizen faces up to 55 years in U.S. prison for conspiracy and using over 15 unauthorized access devices across six fraud charges.

The FBI led the investigation with support from the Kosovo Police’s Cybercrime Investigation Directorate. The FBI’s Legal Attaché Office in Sofia and the DOJ’s Office of International Affairs played key roles in securing Masurica’s arrest and extradition. The Special Prosecution of the Republic of Kosova and Kosovo Police’s Cybercrime Directorate also provided significant support in the arrest.

US Attorney Gregory W. Kehoe announced that Masurica has pleaded guilty to conspiracy to commit access device fraud. The Kosovan citizen faces a maximum penalty of 10 years in federal prison, however the sentencing date has not yet been set.

“Tampa, Florida – United States Attorney Gregory W. Kehoe announces that Liridon Masurica (33, Gjilan, Kosovo), also known as “@blackdb,” has pleaded guilty to conspiracy to commit access device fraud. Masurica faces a maximum penalty of 10 years in federal prison.” reads the press release published by DoJ.

In December 2024, the U.S. Department of Justice (DoJ) seized Rydox, another cybercrime marketplace for selling stolen personal data and fraud tools.

Kosovars authorities arrested three Kosovo nationals and administrators of the service, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli. Kosovo nationals Ardit and Jetmir Kutleshi, Rydox administrators, were arrested in Kosovo and await extradition to the U.S. The third administrator, Sokoli, was arrested in Albania by SPAK and is set to face charges and prosecution in Albania.

The Rydox marketplace has been active since February 2016, it facilitated over 7,600 sales of stolen PII, access devices, and cybercrime tools, generating $230,000 since 2016. It offered over 321,000 products to 18,000 users, including names, social security numbers, and hacking tools. Thousands of U.S. victims were affected.

The U.S. authorities seized the Rydox domain, a coordinated operation by the FBI and Royal Malaysian Police seized servers in Kuala Lumpur, Malaysia, that hosted the illicit marketplace. 

The US authorities also seized $225,000 in cryptocurrency.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)