Law enforcement has seized the 'First VPN' service in an international operation. The platform was actively used by cybercriminals to conduct ransomware and data theft campaigns.
A virtual private network service called 'First VPN' has been taken offline following a coordinated international law enforcement action. The VPN provider facilitated ransomware attacks and data theft operations by masking the digital footprints of threat actors.
The takedown involved multiple jurisdictions working together to disrupt the service's infrastructure. First VPN allowed attackers to anonymize their activities while penetrating networks, deploying ransomware, and exfiltrating sensitive data from victims across multiple sectors.
Investigators identified the service as a key tool in numerous high-profile cyber incidents. By removing First VPN from operation, authorities aim to disrupt the attack chains used by criminal groups and raise the operational costs for conducting cyberattacks.
The seizure is part of a broader effort by international law enforcement to target the infrastructure supporting cybercrime. Recent years have seen increased focus on disrupting VPN services, hosting providers, and communication platforms that enable illegal activity.
Authorities did not disclose specific details about the investigation timeline or the number of victims affected by attacks routed through First VPN. However, the operation underscores the critical role VPN services play in cybercriminal operations.
The takedown also highlights ongoing challenges in combating ransomware-as-a-service operations, which have proliferated across the dark web. Criminal groups continue adapting their tactics and infrastructure to evade law enforcement.
Organizations are advised to review their security logs for indicators of compromise linked to First VPN traffic patterns. The seizure does not eliminate the broader threat landscape, as other VPN services and anonymization tools remain available to threat actors.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.