Hello. Microsoft says it has helped pull the plug on a massive criminal platform that sold ready-made online hacking kits for budding cybercriminals.

The move involved seizing more than 300 web domains, including fraudulent website login pages, and blocking the digital infrastructure that supported the phishing tools, Microsoft said.

Roughly 20 companies and organizations worldwide contributed to the effort, including cloud-service provider Cloudfare, cybersecurity firms Proofpoint and Intel 471, cryptocurrency exchange Coinbase, and Europol, the law enforcement agency of the European Union. Read the full story.

Also today:

• New York financial watchdog eyes tech risk
• Middle East hit by retaliatory cyberattacks
• Maryland enacts zero-trust policy
• And more

• “AI is really changing the cybersecurity landscape as well as the risk landscape, enabling bad actors to move more quickly,” she said at the conference in New York City. (Dow Jones Risk Journal)

Retaliatory Cyberattacks by Iran Mostly Target Middle East. Since U.S.-Israel strikes on Iran began Saturday, cybersecurity firm Radware has tracked roughly 150 cyberattacks by a dozen Iran-linked hacker groups targeting 110 organizations worldwide, including 107 attacks across the Middle East, the firm said.

Maryland Moves From Trust to Zero Trust. State agencies must meet zero-trust cybersecurity standards within the next 18 months, the Maryland Department of Information Technology said. That includes continuous verification of users, secure networks and tougher defences on personal devices. The move replaces the state’s “trust, but verify” policy. (GovTech) 

FBI Seizes LeakBase Cybercrime Bazaar. Federal investigators said the online cybercrime marketplace had over 142,000 members who used the site to “sell the information from stolen databases, including data illegally obtained from U.S. corporations and individuals, and offered credit and debit card numbers, banking account and routing information, usernames,” among other valuable data, the Justice Department said. Working with 14 other countries, U.S. officials shut down the site and seized data and two web domains used by the forum, the agency said.

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten and James Rundle. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.