FBI seizes over $2.4 million in crypto linked to the Chaos ransomware group.

The Federal Bureau of Investigation (FBI) has seized more than $2.4 million in cryptocurrency believed to be linked to the notorious Chaos ransomware gang. The operation, executed by agents in the Dallas field office on April 15, 2025, resulted in the confiscation of approximately 20.2 Bitcoin (BTC). The seizure was publicly announced on July 28, 2025.

The UK’s Online Safety Act was broken on the first day when a user found he could bypass Discord’s age verification using Death Stranding’s “photo mode” hack.

On July 25, 2025, an X (formerly known as Twitter) user named Dany Sterkhov publicly revealed a method to circumvent Discord’s newly implemented age verification system in the United Kingdom, exploiting the photo mode feature in the video game Death Stranding. Sterkhov’s post included a demonstration on X, showing how Discord’s verification could be bypassed by utilizing a virtual “selfie” of the game’s protagonist, Sam Porter Bridges, in place of a real user’s image.

Sploitlight macOS security flaw disclosed by Microsoft Threat Intelligence team because… of course.

A serious security flaw in macOS, identified as CVE-2025-31199 and dubbed “Sploitlight,” has been disclosed by Microsoft’s Threat Intelligence team. This vulnerability, now patched by Apple, targeted the Spotlight search engine’s plugin system and exposed sensitive user data, including information cached by the latest Apple Intelligence features.

Hackers penetrate Toptal’s GitHub account and leverage their privileged access to inject malicious code into the npm registry.

In July 2025, prominent freelance talent platform Toptal grappled with a significant software supply chain breach after unknown threat actors penetrated its GitHub organization account. The repercussions of the attack extended far beyond source code exposure, as adversaries leveraged their privileged access to inject malicious components into the open-source ecosystem via the npm registry.

Researchers Uncover Major Online Counterfeit Currency Operation in India.

Cybersecurity researchers at CloudSEK’s STRIKE team have revealed the existence of a large-scale fake currency operation exploiting digital platforms to circulate counterfeit Indian banknotes. The operation, running openly on channels such as Facebook and Instagram, is estimated to have moved fake currency worth over ₹17.5 crore (approximately $2 million) between December 2024 and June 2025.

CISA adds 3 vulnerabilities to KEV catalog. Urgent patching advised.

Today, the Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) Catalog by adding three recently discovered and actively exploited security flaws. The newly cataloged vulnerabilities affect widely used business software and network devices, underscoring the persistent threat landscape and the critical importance of rapid patch management for organizations in all sectors, especially those overseeing critical infrastructure.

Scattered Spider shifts gears and begins exploiting VMware’s ESXi to deploy ransomware on critical U.S. infrastructure.

A highly active and sophisticated cybercriminal collective known as Scattered Spider—also referred to as UNC3944, 0ktapus, Octo Tempest, and Muddled Libra—has escalated its attacks on critical U.S. infrastructure by targeting the VMware ESXi hypervisor, a core component of many enterprise data centers. By deploying ransomware on these systems, the group has successfully disrupted a range of sectors, highlighting the growing risks associated with virtualized environments.

France categorically denies that hackers breached their leading defense contractor’s systems. Hackers then post code and architecture details for naval combat systems.

Naval Group, France’s leading defense contractor, has publicly denied claims of a significant cyber-attack after reports circulated online suggesting the firm’s internal systems had been breached. The company, which is majority-owned by the French government and recognized for its role in producing advanced naval vessels, including submarines and aircraft carriers, is at the center of a growing cybersecurity controversy.

In what could be the most significant cyberattack targeting Russian civil infrastructure, hackers say they took down Aeroflot, Russia’s largest airline.

Russia’s flagship carrier, Aeroflot, faced a widespread disruption on Monday morning as a catastrophic failure of its information technology systems forced the airline to cancel dozens of flights. The incident affected both domestic and international operations, leaving thousands of passengers stranded and triggering a criminal investigation.