This week: A ransomware gang gets a taste of its own medicine, the biggest crypto-attack in history (so far), and 244 million passwords leaked on a crime forum.
👋 Welcome to your five-minute cybersecurity news recap from Expert Insights.
- 📅 Next week, Expert Insights will be broadcasting a live chat with Rishi Bhargava, co-founder of identity platform Descope. We’ll be chatting about passwordless authentication and removing identity friction. RSVP to listen in on LinkedIn.
- 🎧 You can now listen to this briefing on the Expert Insights Podcast! Subscribe here to get this newsletter in your feed each week.
📰 Headlines
- Ransomware gang ‘Black Basta’ has been hit with a massive leak of its private chat logs, with over 200k messages exposed. The messages reveal tactics and potentially identifying details about hackers involved with the gang. (The Record)
- Bybit, one of the largest global crypto exchanges, lost almost $1.5 billion USD after a hack on Friday – the biggest crypto hack ever recorded. The hackers have been linked to North Korea. (Fortune, DarkReading)
- 244 million passwords have been leaked on a major crime forum known as ALIEN TXTBASE, according to a recent alert issued by Have I Been Pwned. (Forbes)
- Russia’s largest tech services provider, LANIT, has been hit by a cybersecurity attack targeting its subsidiaries, according to Russia’s cybersecurity authority. (TheRecord)
- 1 in 4 cybersecurity professionals would not endorse their employers, and over 70% of department heads would or may like to change jobs in the next 12 months, according to a new report. (SCMedia)
🎣 Vulnerabilities, Scams, & Hacks
- Watch out for a new phishing scam impersonating PayPal. The scam exploits a PayPal option to add a new address to your account, which sends out an auto-generated email. Attackers are adding phishing messages to these auto-generated emails. (BleepingComputer)
- A botnet of more than 130,000 compromised devices, controlled by Chinese threat actors, is targeting Microsoft 365 accounts using legacy authentication processes with no MFA, says SecurityScorecard. (SecurityWeek)
- Infostealer malware has been used to target employees at major US defence contractors and US military personnel. The malware works by sending out fake infected PDF files. (SCWorld)
- A new Linux malware dubbed ‘Auto-Color’ can steal data, modify files, and execute programs. The malware has been used to target governments and universities in North America and Asia, says Palo Alto Networks. (Palo Alto)
- Hackers are creating fake open-source GitHub projects to target gamers and cryptocurrency investors with malware. (THN)
- Salt Typhoon, the notorious China state-sponsored hacking group, has developed a utility to monitor network traffic and capture sensitive US data in cyberattacks on telecommunication providers. (BleepingComputer)
🚨 Vendor News & Announcements
- Skybox Security, a cybersecurity startup that has raised over $300 million USD, has suddenly shut down, laying off its entire workforce of 300 employees, following the immediate sale of the business to rival firm Tufin. (SecurityWeek)
- Google has made a big move on authentication – you will no longer be able to use SMS messages as an option for two-factor authentication. This option has been replaced with an on-screen QR code to help beat phishing attempts. (TechRadar)
- NinjaOne, an endpoint management and RMM leader, has announced a $5B valuation and $500M in Series C extension. This news comes on the heels of NinjaOne’s intent to acquire public company Dropsuite for $252M USD. (SecurityWeek)
- IBM will acquire DataStax, a cloud database development platform and the creators of AstraDB, to accelerate IBM’s generative AI capabilities. (CRN)
- Rad Security, an AI-powered cloud security operations platform, has announced $14 million USD in Series A funding. (SecurityWeek)
- Palo Alto Networks and NTT DATA are offering a new managed security service designed to improve 5G security in industrial and operational technology environments. (SiliconAngle)
- Forcepoint has launched a new ‘Data Detection and Response’ (DDR) platform offering AI-powered data classification and risk analysis. (Forcepoint)
📟 Product Releases & Patches
- Keeper Security has released a new update to its PAM solution, including an integration between PAM processes and the Keeper encrypted password vault. (MSSPAlert)
- Microsoft has issued an alert for a high-severity privilege escalation vulnerability in Power Pages (CVE-2025-24989), which has been exploited in attacks. (BleepingComputer)
- Palo Alto Networks is warning users to patch two PAN-OS vulnerabilities that are currently being exploited in the wild, including an authentication bypass vulnerability. (SecurityWeek)
🏛️ Policy, Law, & Legislation
- In the latest on the global debate on government backdoors into encrypted systems, Apple has removed its Advanced Data Protection iCloud feature in the UK rather than allowing backdoor access to user data. (BBCNews)
- The FTC has ruled that Avast customers are entitled to $16.5 million USD as part of a settlement for ‘failing to protect their customers’ privacy’. (TomsGuide)
- The SEC has announced it is replacing its cryptocurrency fraud unit with a new team that will focus on ‘cyber-related misconduct’ which affects investors – the Cyber and Emerging Technologies Unit (CETU). (TheRecord)
- The EU has announced sanctions on the leader of a group of North Korean hackers specializing in espionage and financial crimes. (SecurityWeek)
- The UK Ministry of Defence (MoD) has opened a vulnerability reporting platform to encourage ethical hackers – but campaigners have warned ethical hackers could be at risk of prosecution if they use the system under current UK laws. 🤦‍♂️ (TheRecord)
🎙️ Expert Insights: Latest From Us
Don’t miss this week’s round of interviews & insights with cybersecurity experts and thought leaders.
That’s all for this week! 👋
Do you have any stories to share with Expert Insights, or any feedback on the format of this newsletter? Please let us know.