Most security mess starts as admin work. A link gets clicked. A tool gets trusted. A bucket name gets reused. A setting stays loose because nobody wants to touch it.This week is full of that kind of damage. Not loud. Not clever. Just small gaps doing big jobs. The worst part is how normal it all looks until the bill arrives.The full ThreatsDay list is below.
Global fraud bust
A global anti-fraud operation involving 97 countries and territories has resulted in the arrest of 5,811 individuals and the interception of $293 million in illicit assets as part of an operation codenamed First Light 2026 that took place between January 15 and April 30, 2026, to tackle social engineering scams and associated money laundering activities. "Over 142,000 victims globally were identified during Operation First Light 2026, highlighting the extent to which social engineering scams and fraud have escalated into a major transnational threat, affecting individuals, businesses, and governments," INTERPOL said. More than 23,000 cases were solved, and 15,606 suspects have been identified. In Eswatini, authorities arrested 82 people and dismantled a criminal network running illegal online gambling, money laundering, and elaborate impersonation scams. The Thai police made two arrests and uncovered a money laundering scheme that converted illicit funds from romance scams into various cryptocurrencies, using cross-chain token swaps to obscure the financial trail.






