
Cambodia prepares harsher prison terms for scam compound operators. An Italian museum moves valuables into a bank vault after a cyber attack. Hackers exploit a bug in Vite-based apps and sites, and a supply chain attack hits an eLearning platform. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 6th of April and this podcast episode is brought to you by Airlock Digital.
In today's top story, Cambodia is introducing harsher prison sentences for scam compound operators. Individuals will face up to 10 years for running a compound, 20 if torture is involved, and life in prison if deaths are reported. Scammers who work in compounds voluntarily will face five to 10 years. The bill's been sent to the country's king to be signed into law.
In other news, an Italian art museum has moved some valuable items to a bank vault two months after a cyber attack. The Uffizi Galleries in Florence exhibits pieces by Leonardo da Vinci, Raphael and Botticelli. The museum said no passwords or security details were stolen in the February hack and that the pieces have been moved due to ongoing renovations.
Anthropic's Claude agent has been used to facilitate a supply chain attack on an eLearning platform. Almost 250 websites were compromised when the BuddyBoss platform was attacked in March. Researchers recovered Claude Chat from the attacker's infrastructure. They revealed that the actor instructed the AI agent to use compromised credentials to upload a backdoored update. Most of the victims were Middle Eastern campuses of American universities. Researchers tracked the attack to a French-speaking threat actor.
The Dutch government will scale up development of an anti-phishing filter following a successful trial. The anti-phishing shield is designed to help telcos block malicious links. It was tested with 200,000 users in a pilot program last year where it blocked more than 2 million links.
The government developed the filter with assistance from banks and telcos.
Four Dutch municipalities will take part in a trial to migrate their systems to Linux and my office. The program is part of an effort to reduce Dutch reliance on US Tech. The cities of Amsterdam, Ada, Heer, Togenbus and Zaarnstadt are participating.
The US Army has reduced the frequency of mandatory cyber security training. Soldiers, officers and civilian personnel will only have to undergo training every five years rather than annually. Last year, Pete Hegseth sent a memo stating that troops should be in combat instead of online classes. The updated policy came into effect last month.
The Trump administration wants to cut a further $707 million from next year's CISA budget. The proposed cut is about a third of the agency's 2020 budget. Since January last year, CISA has lost about a third of its workforce.
German political party Die Linke has shut down its IT network after a ransomware attack. The incident occurred in late March. The Qilin ransomware group has claimed credit. Die Linke said hackers stole employee records, but party member data was not compromised.
Meantime, hackers have stolen data from a US immigration law case management platform. Docketwise is a cloud-based platform used by law firms. It was breached in October and the data of 116,000 clients was stolen. Hackers allegedly used login credentials from one of the platform's partners to access its servers. Docketwise says it's informed the FBI and has notified affected individuals.
Telehealth company Hims & Hers has disclosed a security breach of its customer support portal. The incident took place in February and hackers are believed to have stolen personal data from support tickets. Hims & Hers sells weight loss drugs and sexual health prescriptions.
The U.S. Federal Communications Commission has proposed a $4.5 million fine against Voxbeam for routing robocall scams.
The agency says the company routed traffic through its network from providers not listed on the US Robocall Mitigation Database. Last year, the FCC banned 1,200 voice providers from the US telephone network for failing to deploy robocall protections.
A Missouri man has pleaded guilty to hacking and extorting his employer. In 2023, Daniel Ryan deployed scripts that deleted user accounts and shut down servers on his employer's network. He then emailed the company and demanded a ransom of 20 bitcoin, worth $750,000 at the time. The DOJ has not named the employer but has described it as a US-based industrial company headquartered in New Jersey.
An Ohio man has been released from jail after spending nine years in pretrial custody over spyware charges. Phillip Durachinsky was arrested in 2018. He was accused of using the Fruitfly spyware to surveil macOS users since at least 2003. The judge agreed Durachinsky had spent enough time in jail after prosecutors failed to progress his case.
Fortinet has released an emergency security update to patch an actively exploited zero-day. The vulnerability allows remote attackers to bypass authentication and run malicious code on Fortinet EMS servers. Attacks against EMS devices spiked last month as a threat actor began exploiting a separate bug from February. Security firm Defused reported the first wave of attacks as well as the zero-day.
Threat actors are scanning the Internet for apps and websites built using the Vite JavaScript front end framework. Attackers are exploiting a bug from last year that lets them bypass blocklists and retrieve files. According to the SANS Internet Storm Center, hackers are attempting to extract credentials, environment variables and cloud tokens.
High profile npm developers have been targeted by the same phishing campaign that compromised the Axios project. Developers behind Node.js, Lodash, Fastify, Mocha and Express have all disclosed attacks.
The campaign also targeted engineers at Socket Security, including CEO Feross Aboukhadijeh. Both the phishing campaign and the Axios supply chain attack have been linked to North Korea.
And finally, Push Security says the number of device code phishing campaigns has increased 37.5 times from last year. In 2025, the attacks were limited to APT groups but have since been widely adopted by the e-crime ecosystem. At least 10 distinct kits capable of device code phishing operations have been spotted in the wild. The most popular is Evil Tokens, also known as Anti Bot.
And that is all for this podcast edition. Today's show was brought to you by Airlock Digital. Find them at airlockdigital.com. Thanks for your company.
Podcast: Risky Bulletin (Risky Business Media)
Date: April 6, 2026
Host: Claire Aird (prepared by Catalin Cimpanu)
This episode delivers a concise roundup of the latest global cybersecurity news, with a focus on Cambodia’s landmark legal crackdown on scam compounds. The bulletin covers a range of incidents: cyberattacks on cultural institutions, new anti-phishing efforts, supply chain and phishing campaign trends, high-profile ransomware, and major software vulnerabilities impacting government, educational, and corporate sectors worldwide.
“Individuals will face up to 10 years for running a compound, 20 if torture is involved, and life in prison if deaths are reported.” — Claire Aird (00:10)
“Researchers recovered Claude Chat from the attacker's infrastructure. They revealed that the actor instructed the AI agent to use compromised credentials to upload a backdoored update.” — Claire Aird (00:35)
“Last year, Pete Hegseth sent a memo stating that troops should be in combat instead of online classes.” — Claire Aird (01:18)
On Cambodia’s new law:
"The bill's been sent to the country's king to be signed into law." — Claire Aird (00:15)
On Claude’s involvement in a supply chain attack:
"The actor instructed the AI agent to use compromised credentials to upload a backdoored update." — Claire Aird (00:35)
On U.S. Army’s cyber training:
“Troops should be in combat instead of online classes.” — Claire Aird, referencing Pete Hegseth’s internal memo (01:18)
On the exponential rise of device code phishing:
“The number of device code phishing campaigns has increased 37.5 times from last year.” — Claire Aird (03:04)
This bulletin underscores a marked escalation in both state and cybercriminal activities, from Cambodia’s sweeping penalties for digital slavery and scam compounds to the evolution of advanced supply chain and phishing attacks. The episode is dense with concise, up-to-date reporting, making it essential listening for cybersecurity professionals seeking a global sweep of current threats and policy shifts.