As the cyber world continues to change, so do the plans of digital attackers. This week’s briefing reveals jaw-dropping cryptocurrency heists, secretive AI-facilitated deceptions, and seismic changes in data protection policies. Get armed with information as we break down the latest incursions in the cyber world.
Cyber Threat of the Week
Lazarus Group’s Record-Breaking $1.5 Billion Crypto Heist
North Korean-linked Lazarus Group has written its name again in the history of cybercrime, executing the largest ever cryptocurrency heist on record. The illegal drain of over $1.5 billion worth of digital assets originated from a sophisticated hacking of Bybit’s Ethereum (ETH) cold wallet. The breach was discovered on February 21, 2025, during a routine asset transfer procedure. This robbery surpasses other mind-boggling losses, overshadowing attacks on Ronin Network ($624 million), Poly Network ($611 million), and BNB Bridge ($586 million). This magnitude of assault highlights the longstanding vulnerabilities of the digital asset industry.
Top Cyber Developments
OpenAI Bans ChatGPT Accounts Used in Misleading Activities
OpenAI has wielded its enforcement hammer, terminating a multitude of accounts engaged in nefarious activities. Among them, a China-linked network leveraged AI to craft a sophisticated surveillance apparatus, siphoning data from platforms such as X, Facebook, YouTube, Instagram, Telegram, and Reddit. Additional misuses encompassed disinformation campaigns, romance-baiting scams, and even AI-assisted malware engineering. This crackdown signals OpenAI’s escalating commitment to preventing malevolent exploitation of its technology.
Apple Pulls iCloud’s Advanced Data Protection from the UK
In a bold defiance of governmental encroachment, Apple has pre-emptively stopped providing its Advanced Data Protection (ADP) service to iCloud customers in the United Kingdom. The sudden policy reversal occurs in the face of increased pressure from UK officials calling for backdoor access to encrypted customer data. “With the widespread epidemic of data breaches and invasions of privacy, we are very concerned that our UK users will be deprived of ADP’s strong protections,” Apple stated. The action reflects an increasing philosophical rift between regulatory agencies and tech leviathans on the rights of users to privacy.
Salt Typhoon Leverages Outdated Cisco Weakness
A hacking group known as Salt Typhoon, allegedly sponsored by the Chinese government, has revived interest in an old security vulnerability—CVE-2018-0171—affecting Cisco devices. Weaponizing this patched but still widely exploited flaw, the attackers broke into leading U.S. telecommunication companies, using “living-off-the-land” (LOTL) tactics to disguise their activity. Their covert actions were further supported by a purpose-built utility, JumbledPath, which enabled stealthy packet captures on affected Cisco infrastructure. Security experts caution that even long-patched vulnerabilities can be brought back to life as powerful cyber weapons when attackers stay committed.
Russian Cybercriminals Leverage Signal’s Device Linking Feature
State-sponsored Russian cybercrime gangs have come up with a new trick: abusing Signal’s “linked devices” feature through malicious QR codes to hijack user accounts. Attributed to UNC5792 and UNC4221, these attacks allow unauthorized eavesdropping, exposing confidential communications. The disclosure comes amid a concurrent spike in the same type of activity against WhatsApp users. The growing exploitation of end-to-end encrypted messaging platforms underscores the cat-and-mouse contest between security experts and adversaries.
Winnti Group Unleashes RevivalStone Espionage Campaign in Japan
APT41 subgroup Winnti has unleashed a highly advanced cyber-espionage campaign against Japanese targets in the manufacturing, materials, and energy industries. The campaign, RevivalStone, uses an arsenal of malicious software, including a rootkit designed to hijack network traffic and create hidden communication channels inside compromised intranets. The care with which these operations are carried out points to a long-term campaign of intelligence gathering and industrial sabotage.
Top Critical Vulnerabilities to Patch ASAP
Your best-loved software might hold hidden security dangers. Act early and update your systems to avert risk before adversaries strike at these vulnerabilities. This week’s top-priority vulnerabilities are:
- CVE-2025-24989 (Microsoft Power Pages)
- CVE-2025-23209 (Craft CMS)
- CVE-2024-12284 (Citrix NetScaler Console & Agent)
- CVE-2025-26465, CVE-2025-26466 (OpenSSH)
- CVE-2025-21589 (Juniper Networks Session Smart Router)
- CVE-2024-57050 (TP-Link WR840N v6 Router)
- CVE-2025-20059 (Ping Identity PingAM Java Policy Agent)
Beat the exploiters at their game—patch ASAP.
Global Cyber Affairs
U.S. Army Soldier Pleads Guilty to AT&T and Verizon Hacks
Twenty-year-old Army soldier Cameron John Wagenius, aka “Kiberphant0m,” pleaded guilty to two charges of unauthorized transfer of confidential telecom information. His illegal exploits, alongside co-conspirators Connor Riley Moucka and John Binns, included breaking into AT&T’s and Verizon’s networks. Wagenius now faces up to 20 years in prison, in another case of insider-facilitated cyber wrongdoing.
Estonian Duo Admits to $577 Million Crypto Ponzi Scheme
Estonian scammers Sergei Potapenko and Ivan Turõgin admitted to running a vast cryptocurrency Ponzi scheme disguised as HashFlare, a sham mining service. Over four years, they took $577 million from unsuspecting investors by promising fictitious crypto returns. U.S. officials froze $400 million in illegal proceeds, and the pair could face 20 years in prison. This case embodies the dangers of unregulated crypto investment frauds.
Thai Government Saves 7,000 Scam Syndicate Victims in Myanmar
Thai officials have freed more than 7,000 victims trapped in human-trafficking-fueled scam syndicates in Myanmar. The criminal groups, which are also deeply rooted in Cambodia and Laos, coerce victims into carrying out financial fraud, romance scams, and fake investment schemes. The United Nations estimates that such criminal operations caused financial losses of between $18 billion and $37 billion in East and Southeast Asia in 2023 alone.
Sanctioned Jurisdictions and Entities Powered $16 Billion of Crypto Transactions
Sanctioned jurisdictions and entities enabled almost $115.8 billion in crypto transactions during 2024, accounting for 39% of all illicit crypto transactions. Chainalysis reports increased use of no-KYC exchanges and activity involving Tornado Cash, a notorious platform used to launder ill-gotten gains. Iranian actors have also escalated crypto-based sanctions-evasion techniques, moving more than $4.18 billion during 2024—a whopping 70% increase year on year.
Final Thoughts
The virtual warfront is constantly evolving, demanding constant vigilance. Cybercriminals continually adapt their strategies, taking advantage of both emerging technologies and neglected weaknesses. While threat actors push the limits, companies and individuals must strengthen their defenses, adopt proactive security solutions, and remain alert. Stay informed. Stay secure. The struggle for cyberspace sovereignty rages on.
This article was originally published on thehackernews. Read the original article.
FAQs
What is the largest cryptocurrency heist in history?
The $1.5 billion Bybit hack by the Lazarus Group is currently the largest known cryptocurrency heist.
How are AI models such as ChatGPT being exploited for cybercrime?
Hackers use AI to carry out automated phishing attacks, create deepfakes, and develop malware scripts.
Why did Apple discontinue Advanced Data Protection in the UK?
Apple did not bow to the UK’s call for backdoor access to the encrypted user data.
How can users defend themselves against state-sponsored cyber attacks?
Strong passwords, multi-factor authentication, and encrypted messaging apps can minimize risks.
What are the most recent cybersecurity trends to be aware of?
Be prepared for more AI-based cyberattacks, advanced phishing methods, and ransomware attacks on critical infrastructure.