🧵1/2: BreachForums stepped into the vacuum after RaidForums’ fall, turning stolen databases and credentials into a fast, English-language retail market that sped the path from hack to identity theft.

1/2: China uses cyberspace to gain leverage by mapping and quietly occupying the networks that carry communications and run utilities. Salt Typhoon targets telecom routers across many countries, exploiting known flaws to secure durable, large-scale visibility.

Independent researcher Marek Tóth demonstrated a new “DOM-based extension clickjacking” attack in which a malicious site makes the UI injected by password-manager extensions invisible and, with as little as one click.

At Black Hat USA 2025 (Aug 6–7), researchers warned that today’s AI agents and LLM-powered tools are far too easy to abuse.

Learn more from this fascinating summary from SCWorld about various AI vulnerabilities presented at the Black Hat USA 2025 event: www.scworld.com/news/sloppy-...

1/4: Jonathan Kamens, the former cybersecurity lead for the Department of Veterans Affairs' website, has warned that the Department of Government Efficiency (DOGE) poses a serious threat to the security of veterans' sensitive data.

1/3: Bybit, a major cryptocurrency exchange, has suffered what is now the largest crypto heist in history, losing over $1.5 billion in ETH and stETH from one of its Ethereum cold wallets.

1/2: The UK government has secretly ordered Apple to create a backdoor allowing access to all encrypted iCloud content worldwide, according to sources speaking to The Washington Post.

1/4: In 2024, ransomware revenues fell by about 35%, dropping from $1.25 billion in 2023 to roughly $813 million. This decline was driven by aggressive law enforcement actions, enhanced international cooperation, and a growing reluctance among victims to pay ransoms.

1/2: When Anthony Deyoe discovered he was a victim of identity theft, he followed all the right steps—contacting credit bureaus, freezing his credit, and securing his accounts. But instead of stopping the fraud, it made things worse.

Elon Musk, the world's richest man is in the midst of a hostile takeover of USAID, GSA, and the Treasury, and is now calling for the prosecution of journalists and internet users who have exposed the situation and the people involved.

1/3: Elon Musk’s growing control over federal government systems is raising major cybersecurity concerns. A group of young, mostly inexperienced engineers—some barely out of college—now have access to critical IT infrastructure, including the Treasury Department’s payment system.

1/3: Dover Mayor Robin Christiansen has declared a state of emergency following reports of a potential cybersecurity breach that may compromise city IT systems, including emergency services, utilities, and personal data of employees and customers.

1/3: Wiz Research recently discovered a major security lapse at DeepSeek, a Chinese AI startup known for its advanced reasoning model, DeepSeek-R1. A publicly accessible ClickHouse database, completely unprotected by authentication, was found exposing highly sensitive information.

1/3: Researchers at the Florida Institute for Cybersecurity Research have uncovered 119 vulnerabilities in LTE and 5G core network implementations, affecting both open-source and proprietary systems used in commercial deployments.

1/3: Russian hackers have found a new way to break into secure networks—by hopping between Wi-Fi signals like stepping stones.