PHONES
Quote:A jury in San Jose, California, said on Tuesday that Google misused customers' cell phone data and must pay more than $314.6 million to Android smartphone users in the state, according to an attorney for the plaintiffs.
The jury agreed with the plaintiffs that Alphabet's Google (GOOGL.O) was liable for sending and receiving information from the devices without permission while they were idle, causing what the lawsuit had called "mandatory and unavoidable burdens shouldered by Android device users for Google's benefit."
Google spokesperson Jose Castaneda said in a statement that the company would appeal, and that the verdict "misunderstands services that are critical to the security, performance, and reliability of Android devices."
The plaintiffs' attorney Glen Summers said the verdict "forcefully vindicates the merits of this case and reflects the seriousness of Google's misconduct."
The plaintiffs filed the class action in state court in 2019 on behalf of an estimated 14 million Californians. They argued that Google collected information from idle phones running its Android operating system for company uses like targeted advertising, consuming Android users' cellular data at their expense.
Google told the court that no Android users were harmed by the data transfers and that users consented to them in the company's terms of service and privacy policies.
Another group filed a separate lawsuit in federal court in San Jose, bringing the same claims against Google on behalf of Android users in the other 49 states. That case is scheduled for trial in April 2026.
Quote:Apple must face the Justice Department’s lawsuit accusing the iPhone maker of unlawfully dominating the US smartphone market, a judge ruled Monday.
US District Judge Julien Neals in Newark, NJ, denied Apple’s motion to dismiss the lawsuit accusing the company of using restrictions on third-party app and device developers to keep users from switching to competitors and unlawfully dominate the market.
The decision would allow the case to go forward in what could be a years-long fight for Apple against enforcers’ attempt to lower what they say are barriers to competition with Apple’s iPhone.
An Apple spokesperson said the company believes the lawsuit is wrong on the facts and the law, and will continue to vigorously fight it in court.
A spokesperson for the DOJ declined to comment.
Sales of the world’s most popular smartphone totaled $201 billion in 2024. Apple introduced a new budget model iPhone in February with enhanced features priced at $170 more than its predecessor.
The lawsuit filed in March 2024 focuses on Apple’s restrictions and fees on app developers, and technical roadblocks to third-party devices and services — such as smart watches, digital wallets and messaging services — that would compete with its own.
DOJ, along with several states and Washington, DC, say the practices destroy competition and Apple should be blocked from continuing them.
Apple had argued that its limitations on third-party developers’ access to its technology were reasonable, and that forcing it to share technology with competitors would chill innovation.
The case is one of a series of US antitrust cases against Big Tech companies brought during the Biden and first Trump administrations.
WEB BROWSERS
Quote:Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk.
"These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox," Koi Security researcher Yuval Ronen said.
The large-scale campaign is said to have been ongoing since at least April 2025, with new extensions uploaded to the Firefox Add-ons store as recently as last week.
The identified extensions have been found to artificially inflate their popularity, adding hundreds of 5-star reviews that go far beyond the total number of active installations. This strategy is employed to give them an illusion of authenticity, making it seem like they are widely adopted and tricking unsuspecting users into installing them.
Another tactic adopted by the threat actor to bolster trust involves passing off these add-ons as legitimate wallet tools, using the same names and logos.
The fact that some of the actual extensions were open-source allowed the attackers to clone their source code and inject their own malicious functionality to extract wallet keys and seed phrases from targeted websites and exfiltrate them to a remote server. The rogue extensions have also been found to transmit the victims' external IP addresses.
Unlike typical phishing scams that rely on fake websites or emails, these extensions operate inside the user's browser—making them far harder to detect or block with traditional endpoint tools.
"This low-effort, high-impact approach allowed the actor to maintain expected user experience while reducing the chances of immediate detection," Ronen said.
The presence of Russian language comments in the source code as well as metadata obtained from a PDF file retrieved from the command-and-control (C2) server used for the activity points to a Russian-speaking threat actor group.
Quote:Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild.
The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusion flaw in the V8 JavaScript and WebAssembly engine.
"Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page," according to a description of the bug on the NIST's National Vulnerability Database (NVD).
Type confusion vulnerabilities can have severe consequences as they can be exploited to trigger unexpected software behavior, resulting in the execution of arbitrary code and program crashes.
Zero-day bugs like this are especially risky because attackers often start using them before a fix is available. In real-world attacks, these flaws can let hackers install spyware, launch drive-by downloads, or quietly run harmful code — sometimes just by getting someone to open a malicious website.
Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on June 25, 2025, signaling that it may have been weaponized in highly targeted attacks — possibly involving nation-state actors or surveillance operations. TAG typically detects and investigates serious threats like government-backed attacks.
The tech giant also noted that the issue was mitigated the next day by means of a configuration change that was pushed out to the Stable channel across all platforms. For everyday users, that means the threat may not be widespread yet, but it's still urgent to patch — especially if you're in roles handling sensitive or high-value data.
Google has not released any additional details about the vulnerability and who may have exploited it, but acknowledged that "an exploit for CVE-2025-6554 exists in the wild."
CRYPTO
Quote:Europol on Monday announced the takedown of a cryptocurrency investment fraud ring that laundered €460 million ($540 million) from more than 5,000 victims across the world.
The international effort, codenamed Operation Borrelli, was carried out by the Spanish Guardia Civil, along with support from law enforcement authorities from Estonia, France, and the United States. Europol said the investigation into the syndicate started in 2023.
In addition, the five alleged suspects behind the cryptocurrency scam were arrested on June 25, 2025. Three of the arrests took place in the Canary Islands, while two others were apprehended from Madrid.
"To carry out their fraudulent activities, the leaders of the criminal network allegedly used a net of associates spread around the world to raise funds through cash withdrawals, bank transfers, and crypto-transfers," Europol said.
These types of scams often follow a pattern known as cryptocurrency confidence or romance baiting (formerly "pig butchering"), where scammers slowly build trust with victims over weeks or months—often through dating apps or friendly chats—before convincing them to invest in fake crypto platforms. Behind the scenes, fraudsters use social engineering tricks, like fake trading dashboards and scripted conversations, to keep the illusion going. Once money is deposited, it's moved across multiple accounts in a process called layering, making it harder for authorities to trace.
The cybercriminals are believed to have set up a corporate and banking network based in Hong Kong, with the illicitly obtained funds routed through a maze of payment gateways and user accounts in the names of different people and in different exchanges.
The development comes shortly after the U.S. Department of Justice (DoJ) filed a civil forfeiture complaint seeking to recover over $225 million in cryptocurrency linked to cryptocurrency confidence (aka romance baiting) scams running out of Vietnam and the Philippines.
Europol described the "scale, variety, sophistication, and reach" of these online fraud schemes as "unprecedented," and that they're on track to surpass serious and organized crime, thanks to the increased adoption of artificial intelligence (AI) technologies.
AI
Quote:Meta on Wednesday pushed back on reports that the Mark Zuckerberg-led company has offered as much as $300 million to poach talent from OpenAI in the battle for artificial intelligence supremacy.
Zuckerberg allegedly extended the highly lucrative offers to at least 10 staffers at OpenAI who were given the option of taking equity in Meta — with $100 million of the stock vesting in the first year and up to $300 million over four years, online tech news site Wired reported.
A Meta spokesperson laughed off the eye-popping offers, noting that the pay packages would dwarf the annual compensation paid last year to some of Big Tech’s most prized top executives, including Uber CEO Dara Khosrowshahi ($39.4 million) and Microsoft boss Satya Nadella ($79.1 million).
“These statements are untrue — the size and structure of these compensation packages have been misrepresented all over the place,” Meta spokesperson Andy Stone told The Post.
“Some people have chosen to greatly exaggerate what’s happening for their own purposes.”
The Post has sought comment from Wired.
Meta has hired at least eight researchers from OpenAI in recent weeks, according to multiple reports.
The confirmed hires include high-level personnel who played key roles in the development and training of OpenAI’s artificial intelligence models.
The newly confirmed Meta recruits are Shengjia Zhao, Jiahui Yu, Shuchao Bi, Hongyu Ren, Trapit Bansal, Lucas Beyer, Alexander Kolesnikov and Xiaohua Zhai.
Several sources suggest the number of defections could be slightly higher.
Quote:Google’s controversial AI-generated summaries — which have been blamed for crushing the traffic of US news sites — have drawn an antitrust complaint in the European Union from a group of independent publishers.
The complaint by the Independent Publishers Alliance accuses the Sundar Pichai-led Big Tech giant of abusing its dominant position in online search by promoting its own AI-generated summaries over links to original content.
The filing, submitted on June 30, requests that the European Commission impose interim measures to prevent what it describes as “irreparable harm” to publishers.
“Google’s core search engine service is misusing web content for Google’s AI Overviews in Google Search, which have caused, and continue to cause, significant harm to publishers, including news publishers in the form of traffic, readership and revenue loss,” the complaint alleges.
The complaint comes as damning data revealed that AI Overviews have resulted in 37 of the top 50 US news domains suffering year-over-year traffic declines since its launch in May 2024, according to digital intelligence firm SimilarWeb.
A report by SimilarWeb also found that the AI summaries have led to a significant increase in the frequency of “zero clicks” to search queries.
The percentage of web searches related to news that end without a click to a news site jumped to 69% in May 2025 from 56% for the same month last year, SimilarWeb found.
A spokesperson for the Competition and Markets Authority, the EU’s antitrust agency, confirmed to The Post that it received the complaint.
“Last week, we proposed to designate Google with strategic market status in search and search advertising. If designated, this would allow us to introduce targeted measures to address specific aspects of how Google operates search services in the UK,” the rep told The Post on Friday.
Quote:Why do your own homework when a robot can do it for you?
Nearly every Gen Z student is now relying on AI to get through school — with 97% saying they’ve used tools like ChatGPT, according to a new ScholarshipOwl survey of more than 12,000 high school and college students.
More than 1 in 5 admitted they used it to write college or scholarship essays before even setting foot on campus.
And it doesn’t stop there.
About 31% said they’ve used AI to write class essays, while 35% use it for homework answers.
Another 66% turn to it for studying, 56% for test prep and 46% for note-taking.
What used to be called “cheating” is now just a browser tab away.
“Honestly, I’ve never met a student who doesn’t use AI or has never used AI to cheat on an assignment,” Roy Lee, a former Columbia University student who said he used ChatGPT to write 80% of his college essays, told The Post. “AI is just part of the student workflow now.”
Lee, 21, was later suspended from Columbia for building a tool to cheat in job interviews, which led him to co-found Cluely, a startup that claims to help users “cheat on everything.”
“I think using AI to work more efficiently and to learn concepts is perfectly fine,” Dr. Thomas Lancaster, an academic integrity expert at Imperial College London, told The Post. “(But) if using AI means you’re not learning anything during the process, it’s probably unfair.”
WHITE HOUSE & THE F-47
Quote:A Trump official denied a report that Meta boss Mark Zuckerberg was kicked out of the Oval Office after crashing a meeting about the futuristic F-47 stealth fighter jet.
The report that Zuckerberg was “asked to leave” the president’s office during a White House visit last winter surfaced Wednesday in a lengthy NBC News report about the inner workings of President Trump’s West Wing.
The report, which cited two unnamed sources, said Trump was meeting in the Oval Office with military leaders about the F-47 when the Facebook founder “walked in unexpectedly.” Officials allegedly asked Zuckerberg to wait outside due to concerns he didn’t have security clearance.
However, a senior White House official told The Post that the report had “mischaracterized” the situation.
“He was not asked to leave,” the official said. “He popped in to say hello at the president’s request, and then left to wait for his meeting with POTUS to begin, which was scheduled to occur after the meeting with the pilots.”
Meta declined to comment.
The sources who spoke to NBC News said officials involved in the meeting “came away mystified and a bit unnerved” by the loose environment. One person reportedly described the fighter jet meeting as “bizarro world.”
As The Post has reported, Zuckerberg has faced widespread scrutiny in recent months over his attempts to cozy up with his onetime foe Trump following his win in the 2024 presidential election. He was one of several Big Tech CEOs seated front and center at Trump’s inauguration in January.
Aside from personally visiting the White House on multiple occasions, Zuckerberg has taken steps at Meta that are seen as favorable to conservatives, such as ending the social media firm’s fact-checking efforts and naming Trump ally and UFC President Dana White to his board of directors.
Last month, The Post reported that polling data showed Americans are widely distrustful of efforts by Zuckerberg and other Big Tech executives to suck up to the president.
TESLA
Quote:Tesla is headed for another year of shrinking sales after it posted a second straight drop in quarterly deliveries, dragged down by CEO Elon Musk’s right-wing political stances and an aging vehicle line-up that has turned off some buyers.
The automaker now needs to deliver over one million vehicles in the typically strong second half to avoid another annual sales decline — a task that some analysts say could prove difficult due to tariff-driven economic uncertainty and threats to phase out key EV incentives under the Trump administration’s sweeping tax bill, including the $7,500 credit on new sales and leases.
It reported on Wednesday that deliveries fell 13.5% in the second quarter, missing analysts’ expectations even after Musk said in April that sales had turned a corner.
Still, shares, down about a quarter this year, closed up 5% as the drop was less severe than the bleakest analysts’ views, partly helped by a modest demand recovery in the competitive Chinese market, where its refreshed Model Y has gained some traction.
Some investors welcomed the numbers, though with caution.
“You need two dots to draw a line. I don’t think you can get too excited yet until you have some confirmation (of a demand recovery),” said Camelthorn Investments adviser Shawn Campbell, who personally holds Tesla shares. “We’ve had so much bad news — almost any good news is going to help at this point.”
While Tesla has leaned on offers such as low-cost financing to boost demand, it has yet to roll out long-promised cheaper models in a market where snazzy and feature-packed EVs from its Chinese rivals have been winning over buyers.
Tesla had said it would start producing a cheaper vehicle — expected to be a pared-down Model Y — by the end of June, but Reuters reported in April it was delayed by at least a few months.
Curiously, things are improving in the UK.

Quote:Tesla’s new car sales in Britain rose year-on-year in June amid a broader recovery in the electric-vehicle market, data showed on Friday, as the U.S. auto maker started deliveries of its updated Model Y last month.
Overall, Britain’s new car registrations grew 6.7% in June from a year earlier to 191,316 units, the Society of Motor Manufacturers and Traders, or SMMT, said in a report, boosted by demand for battery electric vehicles.
Though sales remained below pre-COVID levels, it was the best June since 2019. Battery electric car demand rose 39% to 47,354 units, with every one in four buyers going electric, the SMMT said.
“That EV growth, however, is still being driven by substantial industry support with manufacturers using every channel and unsustainable discounting to drive activity, yet it remains below mandated levels,” SMMT Chief Executive Mike Hawes said in the report.
Tesla sold 7,719 units in June, up 14% from a year earlier, according to the SMMT. Data from research group New AutoMotive earlier in the day showed a 12% increase in June to 7,891 units.
The SMMT and New AutoMotive use different sources of data and methods of calculation, explaining the differences in the figures published.
Despite the growth in June, Tesla’s UK sales are still down nearly 2% so far this year, while those of Chinese rival BYD have increased nearly four-fold to 2,498 units, according to New AutoMotive.
Quote:This dentist sure has a dirty mouth.
Elmo Randolph, 68, turned himself in to police in the upscale Bergen County borough of Closter on Thursday after being caught scribbling a swastika on a parked car.
Randolph, of Orange, was charged with fourth-degree bias intimidation, according to the Daily Voice, which shared video footage of the alleged crime.
In the footage, captured by one of the car’s many cameras, a baseball cap-donning Randolph is seen in his car on June 15, parked next to a Tesla Cybertruck outside Gary’s Liquors in the Closter Plaza.
He then opens his car door, leans out, and, with his fingers, scrawls a swastika onto the side of the dirty vehicle, the video shows.
The Cybertruck’s owner reported the vandalism on June 16, and shared the car’s surveillance footage with cops, the outlet reported.
Randolph was identified from the video, and turned himself in after learning the Closter Detective Bureau was looking for him.
In 2001, he was one of the plaintiffs in an American Civil Liberties Union lawsuit filed against the New Jersey State Police.
Randolph claimed he’d been stopped by police approximately 100 times, but never received a ticket.
UPS
Quote:Parcel giant UPS said on Thursday it will offer voluntary buyouts to its full-time US drivers as part of the largest network reconfiguration in its history — a sweeping overhaul that includes cutting 20,000 jobs and closing 73 facilities.
The Atlanta-based company had in April announced a network reconfiguration plan following a reduction in deliveries for its key customer, Amazon, and amid President Trump’s tariffs.
The buyout package is in addition to any retirement benefits such as pension and healthcare, the company said in a statement.
The Teamsters union, which represents about 330,000 workers at UPS, was first to announce the buyout plans, calling them an “illegal violation” of the national contract, under which UPS had committed to create 22,500 more jobs.
“Our members cannot be bought off and we will not allow them to be sold out,” said Sean O’Brien, general president of the union.
“UPS needs to live up to the existing contract. They must honor their commitments.”
UPS said it intends to adhere to the terms of its contract with the union.
TIKTOK
Quote:A TikTokker allegedly shot and killed a Marine veteran in front of his infant son and fiancée in a Texas parking lot — and later posted about it on his popular account, according to reports.
Justin Guzman, 22, a wannabe influencer who posted cringey lip-sync videos on TikTok, surrendered to the Houston Police Department on Monday in connection to the senseless killing of Marine veteran Anthony Sanders, 30, earlier last month, according to KPRC.
In a hearing Monday, Sanders’ parents, both of whom are Army veterans, submitted evidence that included a TikTok posted by Guzman in which he emotes and dances in front of a television news segment about the shooting, KHOU reported.
“We’re here for justice. Justice for Anthony and also to stand for what he stood for as a person,” father Frank Sanders told the outlet. “This was uncalled for.”
On June 3, Sanders confronted Guzman and his alleged accomplice Marko Cinan, 23, in the parking garage of the Galleria Mall after the pair had allegedly insulted the Marine vet’s fiancée in an elevator of the shopping complex where she worked, according to reports.
After the exchange of words, Sanders went to drive away from the dispute with his partner and their 10-month-old son in the car — but Guzman allegedly “brake-checked” the vet and blocked him in with his own vehicle.
When the Marine got out of his car to address the aggressive driving maneuver — he was shot a total of ten times as his infant and wife cowered in their car.
Royal Sanders was grateful that her son stepped out of the car before the bullets started flying, “because had he not stepped out, the baby was in the car, the fiancée was in the car,” she told KHOU at the courthouse Monday.
Quote:President Trump said he will begin talks with China in coming days on the sale of TikTok.
“We pretty much have a deal,” Trump told reporters late Friday. “I think we’re gonna start Monday or Tuesday . . . talking to China, perhaps President Xi [Jinping] or one of his representatives, but we pretty much have a deal.”
The White House will likely need China to approve such a deal regarding the video-sharing, social-media platform, added the president.
Trump made the announcement after The Post’s Charles Gasparino earlier Friday reported the commander-in-chief had found a buyer for the controversial Chinese-owned short-video app but his real problem is with the seller.
TikTok is being used as a pawn in the US-Chinese trade negotiations by Beijing, which knows Trump wants the app to remain operating in the United States, sources said.
There will be no sale of TikTok to American investors — a move needed to conform to a US law — until the Chinese president is confident he has extracted as much as he can in terms of a favorable trade deal with the White House, added the sources.
Trump last month signed an executive order to extend the deadline to Sept. 17 for TikTok’s China-based parent company ByteDance to divest TikTok’s assets in the United States.
It was the third such extension since Trump returned to the White House in January.
In April, a group of wealthy investors and tech honchos were poised to place a bid with China to buy the app’s US-based operations until Trump launched a trade war against Beijing, hitting China with 145% tariffs on imported goods.
That number has since been lowered as both sides negotiate other trade issues as part of a broader deal.
When asked how confident he is that China will agree to a deal, the president said, “I’m not confident, but I think so. President Xi and I have a great relationship, and I think it’s good for them. I think the deal is good for China, and it’s good for us.”
Congress voted overwhelmingly last year to ban TikTok if ByteDance wouldn’t divest — via a 79-18 Senate vote and a 360-58 House landslide. Then-President Joe Biden signed the act.
ONLINE FANTASY SPORTS
Quote:California Attorney General Rob Bonta released a legal opinion Thursday that indicates daily online fantasy sports platforms in the state are now illegal.
Bonta's 33-page opinion states that fantasy sports platforms are illegal because they involve betting on sports. The opinion seemingly only applies to daily fantasy sports, but not season-long fantasy sports leagues.
"Like traditional sports wagering, daily fantasy sports games enable participants to win or lose money based on the outcome of sporting events played by third-party athletes," the opinion says.
"Just because the operator is not betting against the players does not mean that the players are not betting against each other."
Sports gambling has been illegal in California, but fantasy sports has been a legal gray area. But online fantasy sports platforms have operated in the state for more than a dozen years, and the product has generated billions of dollars in that time.
In a 2022 state election, voters overwhelmingly rejected a measure to legalize online sports betting. Then in 2023, California GOP state lawmaker Scott Wilk sent a letter to the state's Department of Justice, requesting a legal opinion on daily fantasy sports.
Now, that opinion has been released, and it could bring about disruption to the state's fantasy sports industry.
California Governor Gavin Newsom's office provided a statement to Fox News Digital addressing Bonta's ruling.
"The Attorney General, in his independent capacity, issued this opinion — not the Governor’s Office. While the Governor does not agree with the outcome, he welcomes a constructive path forward in collaboration with all stakeholders," the statement read.
PHISHING
Quote:Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors.
"A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique known as Telephone-Oriented Attack Delivery (TOAD), also known as callback phishing," Cisco Talos researcher Omid Mirzaei said in a report shared with The Hacker News.
An analysis of phishing emails with PDF attachments between May 5 and June 5, 2025, has revealed Microsoft and Docusign to be the most impersonated brands. NortonLifeLock, PayPal, and Geek Squad are among the most impersonated brands in TOAD emails with PDF attachments.
The activity is part of wider phishing attacks that attempt to leverage the trust people have with popular brands to initiate malicious actions. These messages typically incorporate PDF attachments featuring legitimate brands like Adobe and Microsoft to scan malicious QR codes that point to fake Microsoft login pages or click on links that redirect users to phishing pages posing as services like Dropbox.
QR code phishing emails with PDF payloads have also been found to leverage PDF annotations to embed the URLs within a sticky note, comment, or form fields within a PDF attachment, while linking the QR codes to an authentic web page to give the impression that the messages are trustworthy.
In TOAD-based attacks, victims are coaxed into calling a phone number in a purported attempt to resolve an issue or confirm a transaction. During the phone call, the attacker masquerades as a legitimate customer representative and tricks the victim into either disclosing sensitive information or installing malware on their devices.
Most TOAD campaigns rely on the illusion of urgency, but their effectiveness often hinges on how convincingly attackers imitate real support workflows – using scripted call center tactics, hold music, and even spoofed caller IDs.
This technique has been a popular method among threat actors to install banking trojans on Android devices and remote access programs on victim machines to gain persistent access. In May 2025, the U.S. Federal Bureau of Investigation (FBI) warned of such attacks perpetrated by a financially motivated group called Luna Moth to breach target networks by posing as IT department personnel.
"Attackers use direct voice communication to exploit the victim's trust in phone calls and the perception that phone communication is a secure way to interact with an organization," Mirzaei said. "Additionally, the live interaction during a phone call enables attackers to manipulate the victim's emotions and responses by employing social engineering tactics."
Cisco Talos said most threat actors use Voice over Internet Protocol (VoIP) numbers to remain anonymous and make it harder to trace, with some numbers reused consecutively for as many as four days, allowing the attackers to pull off multi-stage social engineering attacks using the same number.
NORTH KOREA
Quote:The U.S. Department of Justice (DoJ) on Monday announced sweeping actions targeting the North Korean information technology (IT) worker scheme, leading to the arrest of one individual and the seizure of 29 financial accounts, 21 fraudulent websites, and nearly 200 computers.
The coordinated action saw searches of 21 known or suspected "laptop farms" between June 10 and 17, 2025, across 14 states in the U.S. that were put to use by North Korean IT workers to remotely connect to victim networks via company-provided laptop computers.
"The North Korean actors were assisted by individuals in the United States, China, United Arab Emirates, and Taiwan, and successfully obtained employment with more than 100 U.S. companies," the DoJ said.
The North Korean IT worker scheme has become one of the crucial cogs in the Democratic People's Republic of North Korea (DPRK) revenue generation machine in a manner that bypasses international sanctions. The fraudulent operation, described by cybersecurity company DTEX as a state-sponsored crime syndicate, involves North Korean actors obtaining employment with U.S. companies as remote IT workers, using a mix of stolen and fictitious identities.
Once they land a job, the IT workers receive regular salary payments and gain access to proprietary employer information, including export controlled U.S. military technology and virtual currency. In one incident, the IT workers are alleged to have secured jobs at an unnamed Atlanta-based blockchain research and development company and stole over $900,000 in digital assets.
North Korean IT workers are a serious threat because not only do they generate illegal revenues for the Hermit Kingdom through "legitimate" work, but they also weaponize their insider access to harvest sensitive data, steal funds, and even extort their employers in exchange for not publicly disclosing their data.
"These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime's illicit programs, including its weapons programs," said Assistant Attorney General John A. Eisenberg of the Department's National Security Division.
Last month, the DoJ said it had filed a civil forfeiture complaint in the U.S. District Court for the District of Columbia that targeted over $7.74 million in cryptocurrency, non-fungible tokens (NFTs), and other digital assets linked to the global IT worker scheme.
RUSSIA
Quote:The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group to assist threat actors in their malicious activities and targeting victims in the country and across the world.
The sanctions also extend to its subsidiaries Aeza International Ltd., the U.K. branch of Aeza Group, as well as Aeza Logistic LLC, Cloud Solutions LLC, and four individuals linked to the company -
- Arsenii Aleksandrovich Penzev, CEO and 33% owner of Aeza Group
- Yurii Meruzhanovich Bozoyan, general director and 33% owner of Aeza Group
- Vladimir Vyacheslavovich Gast, technical director who works closely with Penzev and Bozoyan
- Igor Anatolyevich Knyazev, 33% owner of Aeza Group who manages the operations in the absence of Penzev and Bozoyan
It's worth noting that Penzev was arrested in early April 2025 on charges of leading a criminal organization and enabling large-scale drug trafficking by hosting BlackSprut, an illicit drugs marketplace on the dark web. Bozoyan and two other Aeza employees, Maxim Orel and Tatyana Zubova, were also detained.
"Cybercriminals continue to rely heavily on BPH service providers like Aeza Group to facilitate disruptive ransomware attacks, steal U.S. technology, and sell black-market drugs," said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith.
"Treasury, in close coordination with the U.K. and our other international partners, remains resolved to expose the critical nodes, infrastructure, and individuals that underpin this criminal ecosystem."
BPH services have been a godsend for threat actors as they are known to deliberately ignore abuse reports and law enforcement takedown requests, often operating in countries with weak enforcement or intentionally vague legal standards. This makes them a resilient option for attackers to host their malicious infrastructure, including phishing sites and command-and-control (C2) servers, without disruption or consequences.
Headquartered in St. Petersburg, Aeza Group is accused of leasing its services to various ransomware and information stealer families, such as BianLian, RedLine, Meduza, and Lumma, some of which have been used to target U.S. defense industrial base and technology companies and other victims worldwide.
What's more, a report published by Correctiv and Qurium last July detailed the use of Aeza's infrastructure by the pro-Russian influence operation dubbed Doppelganger. Another threat actor that has availed the services of Aeza is Void Rabisu, the Russia-aligned threat actor behind RomCom RAT.
According to Chainalysis, a TRON cryptocurrency address associated with Aeza Group has received more than $350,000 in crypto and cashed out at various deposit addresses at different exchanges. These deposit addresses have also received funds from a darknet vendor peddling a stealer malware, Garantex, and an escrow service used for selling items on a popular gaming platform.
IRAN
Quote:U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber attacks from Iranian state-sponsored or affiliated threat actors.
"Over the past several months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which is expected to escalate due to recent events," the agencies said.
"These cyber actors often exploit targets of opportunity based on the use of unpatched or outdated software with known Common Vulnerabilities and Exposures or the use of default or common passwords on internet-connected accounts and devices."
There is currently no evidence of a coordinated campaign of malicious cyber activity in the U.S. that can be attributed to Iran, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) noted.
Emphasizing the need for "increased vigilance," the agencies singled out Defense Industrial Base (DIB) companies, specifically those with ties to Israeli research and defense firms, as being at an elevated risk. U.S. and Israeli entities may also be exposed to distributed denial-of-service (DDoS) attacks and ransomware campaigns, they added.
Attackers often start with reconnaissance tools like Shodan to find vulnerable internet-facing devices, especially in industrial control system (ICS) environments. Once inside, they can exploit weak segmentation or misconfigured firewalls to move laterally across networks. Iranian groups have previously used remote access tools (RATs), keyloggers, and even legitimate admin utilities like PsExec or Mimikatz to escalate access—all while evading basic endpoint defenses.
Based on prior campaigns, attacks mounted by Iranian threat actors leverage techniques like automated password guessing, password hash cracking, and default manufacturer passwords to gain access to internet-exposed devices. They have also been found to employ system engineering and diagnostic tools to breach operational technology (OT) networks.
The development comes days after the Department of Homeland Security (DHS) released a bulletin, urging U.S. organizations to be on the lookout for possible "low-level cyber attacks" by pro-Iranian hacktivists amid the ongoing geopolitical tensions between Iran and Israel.
Last week, Check Point revealed that the Iranian nation-state hacking group tracked as APT35 targeted journalists, high-profile cyber security experts, and computer science professors in Israel as part of a spear-phishing campaign designed to capture their Google account credentials using bogus Gmail login pages or Google Meet invitations.
Quote:Iran mounted a comprehensive campaign to undermine American public support for military action against its nuclear facilities by deploying a sophisticated bot network that disseminated hundreds of thousands of deceptive messages, according to groundbreaking research commissioned by the Ministry of Diaspora Affairs and Combating Antisemitism.
The investigation, which analyzed social media activity on X during “Operation Rising Lion,” identified at least 100 fabricated accounts systematically promoting Tehran’s strategic messaging. Beyond merely spreading disinformation to glorify Iranian successes while fabricating Israeli failures, Tehran invested substantial resources in targeting domestic audiences within Israel and the United States.
Researchers examined approximately 100 X accounts exhibiting clear signs of automated rather than human operation. These accounts maintained continuous activity across all hours without typical human patterns of rest.
Moreover, they generated content at superhuman speeds, posting thousands of messages daily. The content frequently appeared identical or remarkably similar across multiple suspicious accounts, strongly indicating coordinated bot activity. The examined network ultimately distributed 241,712 posts reaching millions of users worldwide.
Iranian messaging operations were divided into four distinct categories—promoting regime loyalty and Supreme Leader Ali Khamenei. “The bot network advanced Iranian nationalism, seeking to frame the conflict as targeting Iran’s people rather than its government,” according to the research.
A second messaging category targeted both Iranian domestic audiences and Israeli citizens with fabricated reports of Israeli military failures. These automated accounts circulated manipulated imagery and AI-generated content depicting false scenarios such as Tel Aviv engulfed in flames or Israeli aircraft destroyed over Iranian territory.
Additional messaging streams sought to characterize Israel as a terrorist state that “murders children” and “massacres Palestinians.”
However, the research identifies Iran’s most significant operation as systematic efforts to turn American public opinion against U.S. President Donald Trump’s military action targeting Iranian nuclear infrastructure.
These accounts amplified messaging identical to Republican critics of the military strikes. Following Trump advisor Steve Bannon’s claims that Israeli Prime Minister Benjamin Netanyahu exercised control over the president, Iranian accounts circulated imagery depicting Trump as Netanyahu’s marionette or as a dog owned by the Israeli leader. Research findings show Trump was consistently portrayed across the bot network as Netanyahu’s puppet, according to the Ministry of Diaspora Affairs investigation.

"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
![[Image: SP1-Scripter.png]](https://www.save-point.org/images/userbars/SP1-Scripter.png)
![[Image: SP1-Writer.png]](https://www.save-point.org/images/userbars/SP1-Writer.png)
![[Image: SP1-Poet.png]](https://www.save-point.org/images/userbars/SP1-Poet.png)
![[Image: SP1-PixelArtist.png]](https://www.save-point.org/images/userbars/SP1-PixelArtist.png)
![[Image: SP1-Reporter.png]](https://i.postimg.cc/GmxWbHyL/SP1-Reporter.png)
My Original Stories (available in English and Spanish)
List of Compiled Binary Executables I have published...
HiddenChest & Roole
Give me a free copy of your completed game if you include at least 3 of my scripts!
Just some scripts I've already published on the board...
KyoGemBoost XP VX & ACE, RandomEnkounters XP, KSkillShop XP, Kolloseum States XP, KEvents XP, KScenario XP & Gosu, KyoPrizeShop XP Mangostan, Kuests XP, KyoDiscounts XP VX, ACE & MV, KChest XP VX & ACE 2016, KTelePort XP, KSkillMax XP & VX & ACE, Gem Roulette XP VX & VX Ace, KRespawnPoint XP, VX & VX Ace, GiveAway XP VX & ACE, Klearance XP VX & ACE, KUnits XP VX, ACE & Gosu 2017, KLevel XP, KRumors XP & ACE, KMonsterPals XP VX & ACE, KStatsRefill XP VX & ACE, KLotto XP VX & ACE, KItemDesc XP & VX, KPocket XP & VX, OpenChest XP VX & ACE