Microsoft disrupts cybercrime service that abused software verification systems en masse | CyberScoop<\/title> <meta name=\"description\" content=\"Fox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security controls.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-digital-crimes-unit-disrupts-fox-tempest\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Microsoft disrupts cybercrime service that abused software verification systems en masse\"> <meta property=\"og:description\" content=\"Fox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security controls.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-digital-crimes-unit-disrupts-fox-tempest\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-05-19T15:00:00+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse-2.jpg\"> <meta property=\"og:image:width\" content=\"2070\"> <meta property=\"og:image:height\" content=\"1449\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1778775768g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1778005960g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1775068334g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/89076\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=89076\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-digital-crimes-unit-disrupts-fox-tempest%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-digital-crimes-unit-disrupts-fox-tempest%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-89076 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/microsoft-digital-crimes-unit-disrupts-fox-tempest\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.327292110874\">\n<div class=\"single-article__header-content\" readability=\"36.272727272727\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/microsoft-digital-crimes-unit-disrupts-fox-tempest\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> Fox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security controls. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/89076\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"448\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse.jpg?resize=640%2C448&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Encrypted file\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse-2.jpg 2070w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse-2.jpg?resize=300,210 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse-2.jpg?resize=768,538 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse-2.jpg?resize=1024,717 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse-2.jpg?resize=1536,1075 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse-2.jpg?resize=2048,1434 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse-2.jpg?resize=600,420 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse-2.jpg?resize=240,168 240w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse-2.jpg?resize=481,337 481w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse-2.jpg?resize=964,675 964w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse-2.jpg?resize=1204,843 1204w\" sizes=\"(max-width: 964px) 100vw, 964px\"><figcaption> (Malte Mueller\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"70.123652048886\"><body readability=\"142.69245953415\"><\/p>\n<p>Microsoft seized infrastructure and disrupted a cybercrime service that created and sold more than 1,000 code-signing certificates that other cybercriminals used to make malware-riddled software appear trusted and legitimate for follow-on cyberattacks, including ransomware, the company said Tuesday.<\/p>\n<p>The financially-motivated threat group, which Microsoft tracks as Fox Tempest, provided the malware-signing-as-a-service to multiple ransomware groups, including Rhysida, Vanilla Tempest, Storm-0501, Storm-2561 and Storm-0249 for at least a year before Microsoft was granted a court order to <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/?p=67584\">dismantle the operation<\/a>. <\/p>\n<p>Fox Tempest, which Microsoft has been tracking since September 2025, abused Microsoft\u2019s Artifact Signing system by fabricating identities and impersonating legitimate organizations to access the code-signing services of Microsoft, Steven Masada, assistant general counsel at Microsoft Digital Crimes Unit, said during a media briefing Monday. <\/p>\n<p>Cybercriminals paid Fox Tempest up to $9,500 to get their malicious code signed, allowing them to slip software through defenses and bypass controls designed to confirm programs are authentic and linked to a trusted source. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThis isn\u2019t the obvious knockoff you might find on a street corner. It\u2019s more like a counterfeit product that\u2019s so precise that even the experts have trouble distinguishing it from the real thing,\u201d Masada said. \u201cIt acts as a fake ID that lets cybercriminals get into systems by walking right through the front door.\u201d<\/p>\n<p>While attackers and defenders have historically focused on the entry points of attacks, Fox Tempest\u2019s operation exemplifies a broader move upstream to how attacks are built in the first place, he added. <\/p>\n<p>\u201cIt\u2019s no longer just about tricking users to click on a link, it\u2019s about exploiting the very systems that we rely on to decide what is and what isn\u2019t safe,\u201d Masada said. <\/p>\n<p>Cybercriminals have been reselling code-signing certificates for a least a decade, but Fox Tempest\u2019s operation was unique in providing a massively scalable service for extortion, phishing, SEO poisoning or malware-laced advertising, said Maurice Mason, who led the investigation into Fox Tempest as principal cybercrime investigator at Microsoft\u2019s DCU. <\/p>\n<p>Mason said ransomware operators and other threat groups primarily deployed these fraudulent certificates in ads or SEO poisoning, which brought their malicious software and infostealers to the top of search rankings, ensnaring unsuspecting victims who thought they were downloading and running legitimate applications. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Fox Tempest\u2019s operation, which included an authenticated portal and a drag-and-drop feature that allowed customers to get their code signed, was directly linked to the deployment of dozens of malware families, including Oyster, <a href=\"https:\/\/cyberscoop.com\/lumma-infostealer-widespread-victims\/\">Lumma Stealer<\/a>, <a href=\"https:\/\/cyberscoop.com\/tag\/muddywater\/\">MuddyWater<\/a> and Vidar, he added. <\/p>\n<p>Microsoft said the threat group is also linked to ransomware affiliates for INC, Qilin, Akira and others. The operation had a global impact, resulting in attacks on the healthcare, education, government and financial services sectors, and most heavily targeted organizations and people in the United States, France, India and China.<\/p>\n<p>\u201cWhy wouldn\u2019t you pay those thousands of dollars if you\u2019re a threat actor and you\u2019re getting it back in extortion and ransomware worth millions? This is like chump change to you,\u201d Mason said. <\/p>\n<p>Microsoft said it evicted or deleted more than 1,000 accounts and subscriptions Fox Tempest used to provide its services. The company also seized the threat group\u2019s website, took hundreds of virtual machines offline and blocked access to a site hosting the underlying code. <\/p>\n<p>\u201cThis disruption likely is going to raise the cost for attackers, and we\u2019re hoping that they move off of using these services,\u201d Mason said. \u201cObviously it\u2019s just a disruption and there\u2019s other things that they\u2019ll probably move to, or someone might try to do this a different way next time.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Fox Tempest is an example of the fully developed cybercrime economy defenders confront now, Masada said. <\/p>\n<p>\u201cIn many cases, an actor no longer needs to build an attack from scratch. They can simply assemble one by purchasing its components \u2014 a phish kit from one vendor, malware from another, infrastructure and optimization tools from yet others, and so on,\u201d he said. <\/p>\n<p>\u201cAs we focus more of our recent disruptions on marketplaces and service providers, we\u2019re getting a much clearer picture of how the economy actually functions, and what\u2019s emerging is a stratified ecosystem,\u201d Masada added. <\/p>\n<p>\u201cAt one end, you have commoditized tools that are mass produced and built for scale, things like turnkey phishing kits or credential harvesting services,\u201d he said. \u201cBut above that, we\u2019re seeing a more sophisticated tier of operators, highly specialized services focused on evasion, durability, and optimization. These are not just enabling attacks, they\u2019re engineering them to succeed against modern defenses.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.6036217303823\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-digital-crimes-unit-disrupts-fox-tempest\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft disrupts cybercrime service that abused software verification systems en<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6683,6684,282,78,6685,168,625,2435,46,288],"tags":[6686,6687,286,86,6688,169,630,2436,54,294],"class_list":["post-8658","post","type-post","status-publish","format-standard","hentry","category-certificate","category-code-signing","category-cybercrime","category-cybersecurity","category-fox-tempest","category-malware","category-microsoft","category-microsoft-digital-crimes-unit","category-ransomware","category-threats","tag-certificate","tag-code-signing","tag-cybercrime","tag-cybersecurity","tag-fox-tempest","tag-malware","tag-microsoft","tag-microsoft-digital-crimes-unit","tag-ransomware","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/certificate\/\" rel=\"category tag\">certificate<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/code-signing\/\" rel=\"category tag\">code-signing<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fox-tempest\/\" rel=\"category tag\">Fox Tempest<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/malware\/\" rel=\"category tag\">Malware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-digital-crimes-unit\/\" rel=\"category tag\">Microsoft Digital Crimes Unit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8658","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8658"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8658\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8658"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8658"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8658"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8658,"date":"2026-05-19T10:00:00","date_gmt":"2026-05-19T15:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=89076"},"modified":"2026-05-19T10:00:00","modified_gmt":"2026-05-19T15:00:00","slug":"microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/05\/19\/microsoft-disrupts-cybercrime-service-that-abused-software-verification-systems-en-masse\/","title":{"rendered":"Microsoft disrupts cybercrime service that abused software verification systems en masse"},"content":{"rendered":"