Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Criminal hacker groups fall into three broad camps, from ideologically driven actors attacking targets they dislike, to profit focused crews and state backed operators hiding behind deniability. Money driven groups dominate the landscape, yet all three types break systems, disrupt services and shape the threat model security teams face. ⸻ For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion..

Is there really honour amongst cybercriminals or is it every hacker for themselves? On this episode of Razorwire, I’m joined by Martin Voelk, a seasoned ethical hacker, to take a look at how the world’s most notorious cybercriminal groups really operate. We trace the journey from early hacking culture to today’s sprawling underworld of digital organised crime. Along the way, we ask: What does “hacker” truly mean and who actually gets caught when the authorities close in?

In Part 2 of our Russia cyber threat series, we unpack the Western cybercrime ecosystem powering Russian ransomware operations. We examine *Scattered Spider, LAPSUS$, and Shiny Hunters*, and how social engineering, SIM swapping, MFA bypass, and AI-driven voice spoofing are breaching Fortune 100 companies — without zero-days. Learn how access brokers commoditize breaches, why help desks are prime targets, and what this shift means for CISOs and security teams.

The episode explores how modern cybercrime works, from the meaning of hacker and the growth of an underground industry to scapegoats, lone wolves and cartel style structures. Listeners hear how criminals cash out, protect themselves better than victims, exploit new AI tools and treat attacks as business, with no honour in sight. ⸻ For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion..

Attackers broke into major gaming platform Ubisoft and started spraying free in-game currency, triggering confusion as teams tried to understand the sudden rush of skins and purchases. While everyone focused on the noisy mess, the intruders quietly stole source code for the full game catalogue, walking away with the real prize.

Recent figures from a DeFi agency show hundreds of millions lost in a quarter, with a significant share linked to smart contract vulnerabilities. The conversation accepts serious security gaps in decentralised finance yet also notes blockchains improving land registries in corrupt environments, where public smart contracts help protect ownership records.

Getting cyber punk’d, virtually pantsed or robbed at mousepoint is always a buzzkill, no matter how you phrase it. We partnered with creator Paul Conway to reimagine the many ways to say you got hacked.

Your biggest cybersecurity risk might not be your laptop, it could be your printer. Most companies overlook it, and hackers know it.

The RBI incident (Burger King, Tim Hortons) proves that BLA often results from a cascade of simple flaws, not one complex attack. The key mistake: GraphQL Introspection was enabled. This gave the attacker the full API blueprint - the map needed to find the open registration validation flaw and execute a massive data leak. Action Item: If you have GraphQL, check your production settings now. Disable Introspection. Don't hand the attacker the map to your castle!