DFM 6 May roundup: Trellix breach, Gujarat mule fraud network, NSW AU$5.7m crypto seizure, Karakurt negotiator sentenced 102 months

The Digital Forensics Magazine roundup for 6 May 2026 covers three significant law enforcement and cybercrime developments. Trellix disclosed unauthorised access to part of its source code repository, with external forensic specialists engaged and the matter referred to law enforcement; no evidence of exploited code was found. In India, Gujarat CID’s Cyber Centre of Excellence arrested 10 suspects after uncovering an alleged 53 crore rupee mule-account cyber fraud network spanning multiple states, identifying 197 bank accounts and linking 60 accounts to 132 cybercrime complaints. In Australia, New South Wales Cybercrime Squad detectives seized AU$5.7 million in cryptocurrency after a 15-month investigation into alleged darknet market proceeds. A Latvian national was also sentenced in Ohio to 102 months for acting as negotiator for the Karakurt, TommyLeaks and SchoolBoys ransomware operations, responsible for tens of millions in extortion. The UK NCSC separately warned organisations to prepare for a vulnerability patch wave linked to frontier AI capability, framing patch readiness as a strategic governance issue.

In this domain: EU-funded ERATOSTHENES project advances IoT security attestation standards with direct implications for LE digital evidence integrity · AI in digital forensics: 68% of DFIR professionals now use AI in investigative workflows · ACSC warns cPanel zero-day CVE-2026-41940 exploited for months before patching — authentication bypass enables remote code execution