This posting is here to collect cyber security news in July 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in July 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
102 Comments
Tomi Engdahl says:
Fortinet FortiWeb Flaw Exploited in the Wild After PoC Publication
Dozens of FortiWeb instances have been hacked after PoC targeting a recent critical vulnerability was shared publicly.
https://www.securityweek.com/fortinet-fortiweb-flaw-exploited-in-the-wild-after-poc-publication/
Tomi Engdahl says:
Fraud: A Growth Industry Powered by Gen-AI
With generative AI enabling fraud-as-a-service at scale, legacy defenses are crumbling. The next wave of cybercrime is faster, smarter, and terrifyingly synthetic.
https://www.securityweek.com/fraud-a-growth-industry-powered-by-gen-ai/
Tomi Engdahl says:
Google Warns 2 Billion Gmail Users As AI Summaries Hacked
https://www.forbes.com/sites/zakdoffman/2025/07/14/googles-gmail-warning-if-you-see-this-youre-being-hacked/
Google warns Gmail users to beware of “a new wave of threats” that exploit AI upgrades to attack users. This includes “indirect prompt injections,” with “hidden malicious instructions within external data sources,” visible to your AI tools but not to you.
Now one of these hacks has been confirmed in a new report, dropping one such attack into the public domain and leaving Gmail’s 2 billion users are at risk. Google’s fast-paced Gmail AI upgrades have opened new attack surfaces, and just as with other deployments, it is proving alarmingly easy to trick AI into hacking users.
Tomi Engdahl says:
They Can Steal Your Passwords Just From Fan Noise
https://m.youtube.com/watch?v=kDMfDN7iuQY
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/cloudflare-says-1111-outage-not-caused-by-attack-or-bgp-hijack/
Tomi Engdahl says:
https://www.mtvuutiset.fi/artikkeli/jopa-16-miljardia-tunnusta-vuodettu-nettiin-ihmiset-eivat-tunnu-valittavan/9189894
Tomi Engdahl says:
Andy Greenberg / Wired:
Researchers: at least 750 US hospitals faced disruptions on the day of last year’s big CrowdStrike outage, and 200+ had outages related to patient care services — Of those, more than 200 appear to have had outages of services related to patient care following CrowdStrike’s disastrous crash, researchers have revealed.
At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds
Of those, more than 200 appear to have had outages of services related to patient care following CrowdStrike’s disastrous crash, researchers have revealed.
https://www.wired.com/story/at-least-750-us-hospitals-faced-disruptions-during-last-years-crowdstrike-outage-study-finds/
Tomi Engdahl says:
Financial Times:
X says France’s criminal probe over algorithmic “manipulation” and “fraudulent” data extraction is “distorting French law in order to serve a political agenda”
https://www.ft.com/content/21818d23-71d7-45a4-ae8c-e7940f5d9e00
Tomi Engdahl says:
Microsoftin palvelussa vakava maailmanlaajuinen haavoittuvuus: ”Kiristyshaittaohjelmahyökkääjien unelma”
Anna Helakallio21.7.202509:45Tietoturva
Microsoft julkaisi haavoittuvuuden korjaavan päivityksen sunnuntaina.
https://www.tivi.fi/uutiset/a/64795eb1-4741-4415-8311-b9d4dc5b32ca
Tomi Engdahl says:
A surveillance vendor was caught exploiting a new SS7 attack to track people’s phone locations
https://techcrunch.com/2025/07/18/a-surveillance-vendor-was-caught-exploiting-a-new-ss7-attack-to-track-peoples-phone-locations/
Security researchers say they have caught a surveillance company in the Middle East exploiting a new attack capable of tricking phone operators into disclosing a cell subscriber’s location.
The attack relies on bypassing security protections that carriers have put in place to protect intruders from accessing SS7, or Signaling System 7, a private set of protocols used by the global phone carriers to route subscribers’ calls and text messages around the world.
Tomi Engdahl says:
Google sues 25 alleged BadBox 2.0 botnet operators, all of whom are in China
Ads giant complains of damage to its reputation and finances … and crime, too
https://www.theregister.com/2025/07/17/google_sues_25_unnamed_chinese/
Google has filed a lawsuit against 25 unnamed individuals in China it accuses of breaking into more than 10 million devices worldwide and using them to build a botnet, called BadBox 2.0, and then to carry out other cybercrimes and fraud.
“As of April 2025, BadBox 2.0 is comprised of more than ten million infected AOSP-based TV streaming boxes, tablets, projectors, and after-sale car infotainment systems,” according to the lawsuit [PDF]. “In fact, BadBox 2.0 is the largest botnet of infected [connected TVs] CTVs ever uncovered and expands beyond CTVs to include additional devices such as tablets, digital projectors, and others.”
Tomi Engdahl says:
Intel CPUs are crashing again during summer heatwaves, Firefox dev warns
The lesson: if you haven’t applied the firmware patch that solves the problem, do it now.
https://www.pcworld.com/article/2851951/intel-cpus-are-crashing-again-during-summer-heatwaves-firefox-dev-warns.html
Tomi Engdahl says:
Washington Post:
Researchers say hackers linked to the Chinese government were behind at least some of the recent widespread attacks using the SharePoint RCE vulnerability — Researchers say Chinese and other criminal hackers have exploited a security flaw in SharePoint software widely used by governments and businesses — and may come back.
https://www.washingtonpost.com/technology/2025/07/21/china-hackers-microsoft-sharepoint/?pwapi_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyZWFzb24iOiJnaWZ0IiwibmJmIjoxNzUzMDcwNDAwLCJpc3MiOiJzdWJzY3JpcHRpb25zIiwiZXhwIjoxNzU0NDUyNzk5LCJpYXQiOjE3NTMwNzA0MDAsImp0aSI6ImUwMTZjMjg5LWNlYTQtNDA5OC05NzM5LTgxZmQxZjZjN2YzZCIsInVybCI6Imh0dHBzOi8vd3d3Lndhc2hpbmd0b25wb3N0LmNvbS90ZWNobm9sb2d5LzIwMjUvMDcvMjEvY2hpbmEtaGFja2Vycy1taWNyb3NvZnQtc2hhcmVwb2ludC8ifQ.YSflkjRm1ObpQkdFfVkQ2IxmEvDzitVtxfB0-Gf53fM
Tomi Engdahl says:
Alan Suderman / Associated Press:
Critics say tokenization, led by Robinhood, could undermine securities law and investor protections that have made the US financial system the envy of the world
The risks and rewards of tokenization as crypto heavyweights push for it
https://apnews.com/article/crypto-robinhood-openai-tokenization-sec-bfd41220717fe9b6ebcd0305005e0018
As cryptocurrencies become more intertwined with the traditional financial system, industry heavyweights are racing for a long-sought goal of turning real-world assets into digital tokens.
“Tokenization is going to open the door to a massive trading revolution,” said Vlad Tenev, the CEO of the trading platform Robinhood at a recent James Bond-themed tokenization launch event in the south of France.
Advocates say tokenization is the next leap forward in crypto and can help break down walls that have advantaged the wealthy and make trading cheaper, more transparent and more accessible for everyday investors.
But critics say tokenization threatens to undermine a century’s worth of securities law and investor protections that have made the U.S. financial system the envy of the world. And Robinhood’s push into tokenizing shares of private companies quickly faced pushback from one of the world’s most popular startups.
Tomi Engdahl says:
Weak Password Allows Hackers To Sink 158-Year-Old Company
https://wonderfulengineering.com/weak-password-allows-hackers-to-sink-158-year-old-company/?fbclid=IwY2xjawLtSjVleHRuA2FlbQIxMQABHlyraCc5847kR73Pa43Kp-YsYFHLweHqfaDuI1lqGBp_Qi8utPkxqjl0YyKG_aem_LB3R6dEYTAkF0xBDOj7tOw
A sobering reality of the digital age was revealed when a 158-year-old UK company was brought down by a single weak password. 700 workers lost their jobs when KNP, a transport company based in Northamptonshire that operates under the well-known “Knights of Old” brand, was completely destroyed by a ransomware attack.
By attempting to guess an employee’s password, hackers from the Akira ransomware gang are thought to have gained access to KNP’s systems. Once inside, they demanded a ransom, estimated at up to £5 million, to unlock the encrypted data. KNP was forced to permanently cease operations since it was unable to pay and lacked access to vital information.
The business had industry-standard IT systems and cyber insurance, but it was helpless against this attack.
There are numerous cases like this one. An estimated 19,000 ransomware attacks occurred in the UK last year alone.
just “too many attackers” and not enough defenders. According to Suzanne Grimmer of the National Crime Agency, the availability of hacking tools that require little technical expertise is to blame for the nearly twofold increase in incidents over the past two years.
Officials discourage ransom payments, which only serve to increase crime, and emphasize prevention. However, in order to survive, many businesses continue to opt for silent payment methods. To make sure companies are prepared to handle the increasing cyber threat, some, like Paul Abbott, are now advocating for mandatory cybersecurity assessments, or what he calls a “cyber-MOT.” The demise of KNP serves as a terrifying reminder of how vulnerable even century-old institutions can be to cyberattacks as they develop and become more intense.
Tomi Engdahl says:
Suomalaisilta Mobilepay-käyttäjiltä huijattiin vuonna 2024 yhteensä noin 180 000 euroa, Mobilepay kertoo turvallisuuskatsauksessaan.
Suurin osa huijatuista summista oli 10–4 000 euron välillä, mutta isompiakin summia on sen mukaan menetetty. Kaikkiaan Mobilepayn läpi kulki viime vuonna 6,6 miljardia euroa. Sen sovelluksella on Suomessa lähes kolme miljoonaa käyttäjää.
https://www.iltalehti.fi/digiuutiset/a/e50bc783-cd39-4739-994f-b19beb15103b
Tomi Engdahl says:
Microsoft Says Chinese APTs Exploited ToolShell Zero-Days Weeks Before Patch
Microsoft says the Chinese threat actors Linen Typhoon, Violet Typhoon, and Storm-2603 have been exploiting the ToolShell zero-days.
https://www.securityweek.com/microsoft-says-chinese-apts-exploited-toolshell-zero-days-weeks-before-patch/
Tomi Engdahl says:
Reclaiming Control: How Enterprises Can Fix Broken Security Operations
Once a manageable function, security operations has become a battlefield of complexity.
https://www.securityweek.com/reclaiming-control-how-enterprises-can-fix-broken-security-operations/
Tomi Engdahl says:
Dell Says Data Leaked by Hackers Is Fake
Dell confirms the compromise of a demo environment containing synthetic data after hackers leak allegedly stolen information.
https://www.securityweek.com/hackers-leak-fake-dell-data/
Tomi Engdahl says:
Vulnerabilities Expose Helmholz Industrial Routers to Hacking
Eight vulnerabilities, including ones allowing full control over a device, have been discovered and patched in Helmholz REX 100 industrial routers.
https://www.securityweek.com/vulnerabilities-expose-helmholz-industrial-routers-to-hacking/
Tomi Engdahl says:
700 menetti työnsä: 158-vuotias firma kaatui yhteen salasanaan
Johtaja halusi säästää kyseisen työntekijän hirvittävältä tiedolta, BBC kertoo.
700 menetti työnsä: 158-vuotias firma kaatui yhteen salasanaan
https://www.is.fi/digitoday/tietoturva/art-2000011382128.html
Vuonna 1865 perustettu yritys joutui BBC:n mukaan sulkemaan ovensa kärsittyään musertavan kiristysohjelmahyökkäyksen. Se onnistui tiettävästi yhden arvaamalla selvitetyn salasanan avulla, ja nyt 700 ihmistä on vailla töitä.
https://www.bbc.com/news/articles/cx2gx28815wo
Tomi Engdahl says:
Replit’s CEO apologizes after its AI agent wiped a company’s code base in a test run and lied about it
https://www.businessinsider.com/replit-ceo-apologizes-ai-coding-tool-delete-company-database-2025-7
Replit’s CEO has apologized after its AI coder deleted a company’s code base during a test run.
“It deleted our production database without permission,” said a venture capitalist who was building an app using Replit.
“Possibly worse, it hid and lied about it,” he added.
Tomi Engdahl says:
A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
Joseph Cox
Joseph Cox
·
Jul 21, 2025 at 9:05 AM
Infostealer data can include passwords, email and billing addresses, and the embarrassing websites you use. Farnsworth Intelligence is selling to divorce lawyers and other industries.
https://www.404media.co/a-startup-is-selling-data-hacked-from-peoples-computers-to-debt-collectors/
Tomi Engdahl says:
Spain awards Huawei contracts to manage intelligence agency wiretaps
The Spanish government is using Huawei to manage and store judicially authorized wiretaps in the country used by both law enforcement and intelligence services, despite concerns about how the Chinese government could compel Huawei to assist Beijing with its own intelligence activities.
The Ministry of the Interior officially awarded Huawei a €12.3 million ($14.3 million) contract following a standard public procurement process, as first reported by Spanish digital newspaper The Objective. Huawei had already been contracted to provide technical support to SITEL (Sistema Integrado de Interceptación Legal de las Telecomunicaciones), Spain’s integrated system for intercepting telecommunications.
https://therecord.media/spain-awards-contracts-huawei-intelligence-agency-wiretaps
Tomi Engdahl says:
W3C Releases Digital Credentials API Draft to Advance Standardized Identity Verification on the Web
https://idtechwire.com/w3c-releases-digital-credentials-api-draft-to-advance-standardized-identity-verification-on-the-web/
Tomi Engdahl says:
https://cafeadele.fi/on-paljastettu-uusi-pankkipetosten-muoto-jossa-tilit-paljastuvat-sekunneissa-yhdella-napsautuksella-sovelluksessa/
https://cafeadele.fi/paypal-jaadyttaa-rahat-kaikilla-kayttajien-pankkitileilla-jotka-tekevat-siirtoja-joiden-summa-ylittaa-taman/
Tomi Engdahl says:
https://www.mastercard.com/us/en/news-and-trends/stories/2025/one-click-checkout.html
Tomi Engdahl says:
FileFix on pirullinen tapa kaapata käyttäjän tietokone
https://etn.fi/index.php/13-news/17712-filefix-on-pirullinen-tapa-kaapata-kaeyttaejaen-tietokone
Tietoturvayritys Check Pointin tutkijat ovat paljastaneet uudenlaisen, erityisen ovelan kyberhyökkäystekniikan nimeltä FileFix, joka osoittaa, kuinka tehokkaasti hyökkääjät voivat hyödyntää käyttäjien rutiineja ja luottamusta tuttuihin työkaluihin. Toisin kuin perinteiset haittaohjelmat, FileFix ei hyödynnä teknisiä haavoittuvuuksia — se käyttää hyväkseen pelkästään ihmisen käyttäytymistä.
FileFix toimii ympäristössä, joka on jokaiselle Windows-käyttäjälle tuttu: Resurssienhallinnassa. Hyökkäyksessä käyttäjä huijataan tekemään kaikki toimet itse, uskoen tekevänsä täysin normaalia tehtävää.
FileFix-hyökkäys etenee näin: Käyttäjä ohjataan haitalliselle verkkosivulle, joka saattaa näyttää esimerkiksi vialliselta CAPTCHA-sivulta tai tutun palvelun virhesivulta. Sivusto avaa laillisen Windowsin Resurssienhallinta-ikkunan käyttäjän tietokoneessa. Samaan aikaan sivun JavaScript kopioi automaattisesti leikepöydälle PowerShell-komennon, joka on naamioitu näyttämään tavalliselta tiedostopolulta. Käyttäjää ohjeistetaan liittämään kyseinen “polku” Resurssienhallinnan osoitekenttään ja painamaan Enter.
Kun käyttäjä suorittaa tämän vaiheen, Windows ajaa piilotetun PowerShell-komennon, joka voi ladata ja suorittaa haittaohjelman — täysin ilman varoituksia tai turvailmoituksia.
FileFix kiertää lähes kaikki perinteiset tietoturvasuojaukset, koska siinä käytetään vain normaaleja Windowsin toimintoja, kuten leikepöytää ja Resurssienhallintaa. Käyttäjälle kaikki näyttää tavanomaiselta ja turvalliselta.
Hyökkäys on jatkoa aiemmalle ClickFix-tekniikalle, jossa käyttäjää huijattiin liittämään haitallinen komento Windowsin Suorita-ikkunaan. FileFix vie tämän askeleen pidemmälle ja tekee hyökkäyksestä vieläkin näkymättömämmän.
Check Pointin mukaan FileFix on jo otettu testikäyttöön oikeissa tietojenkalastelukampanjoissa.
Tomi Engdahl says:
HeroDevs Raises $125 Million to Secure Deprecated OSS
HeroDevs has received a $125 million strategic growth investment from PSG to secure enterprise security stacks.
https://www.securityweek.com/herodevs-raises-125-million-to-secure-deprecated-oss/
HeroDevs enables organizations to protect their stack without overhauling their applications, preventing data breaches and cyberattacks that exploit OSS vulnerabilities and helping security teams plan software transitions at their own pace.
The company provides commercial licenses to over 30 Never-Ending Support (NES) products, which are patched versions of software that organizations already use, behave identically, and are compatible with modern browsers and key third-party libraries.
https://www.herodevs.com/
Tomi Engdahl says:
New York Seeking Public Opinion on Water Systems Cyber Regulations
The proposed cyber regulations include the implementation of incident reporting, response plans, and cybersecurity controls, training, and certification of compliance.
https://www.securityweek.com/new-york-seeking-public-opinion-on-water-systems-cyber-regulations/
Tomi Engdahl says:
High-Value NPM Developers Compromised in New Phishing Campaign
Hackers have injected malware into popular NPM packages after compromising several developer accounts in a fresh phishing campaign.
https://www.securityweek.com/high-value-npm-developers-compromised-in-new-phishing-campaign/
A new supply chain attack resulted in the delivery of malware via popular NPM packages after the maintainers’ accounts were compromised.
First reported on last week, the attacks start with a phishing email that relies on typosquatting to impersonate the Node.js package registry.
The attackers created a full copy of the NPM website at ‘npnjs.com’, and used it to send legitimate-looking emails to multiple developers, prompting them to provide their login credentials.
The emails contained tokenized URLs, which allow the attackers to track clicks, pre-fill victim data on the phishing site, or generate fake sessions to mimic NPM’s login process. The messages also contained support links to the legitimate npmjs.com site.
Shortly after security firm Socket flagged such a phishing email sent to the maintainer of packages with 34 million combined weekly downloads, several popular NPM packages were reported as compromised as part of the phishing campaign.
Malicious versions of these packages – including eslint-config-prettier, eslint-plugin-prettier, napi-postinstall, @pkgr/core, and synckit – that were published to the registry, without corresponding commits on GitHub, attempted to execute a malicious DLL on Windows systems.
Tomi Engdahl says:
Richard Lawler / The Verge:
Starlink experienced a network outage for about 2.5 hours on Thursday; NetBlocks reports that connectivity dropped to “16% of ordinary levels” — SpaceX’s satellite internet service experienced a ‘network outage’ that cut off internet for users around the world.
Starlink’s satellite internet is back online after a massive outage
https://www.theverge.com/news/713359/starlink-down-outage-global-network-offline
SpaceX’s satellite internet service experienced a ‘network outage’ that cut off internet for users around the world.
Tomi Engdahl says:
Shane Hickey / The Guardian:
A UK court sentences a 21-year-old student who created phishing kits that mimicked government, bank, and charity websites, linked to £100M of fraud — Ollie Holman created kits that mimicked charity and bank webpages so criminals could harvest victims’ personal details
UK student jailed for selling phishing kits linked to £100m of fraud
https://www.theguardian.com/technology/2025/jul/24/canterbury-student-phishing-kits-jailed-fraudsters
Ollie Holman created kits that mimicked charity and bank webpages so criminals could harvest victims’ personal details
Tomi Engdahl says:
Emma Roth / The Verge:
Google will officially deprecate links generated with its goo.gl URL shortener on August 25, 2025; the company stopped generating goo.gl URLs in March 2019 — Links created with Google’s URL shortener will return a 404 error starting August 25th. … Google will officially deprecate links generated …
Google’s shortened goo.gl links will stop working next month
https://www.theverge.com/news/713125/google-url-shortener-links-shutdown-deadline
Links created with Google’s URL shortener will return a 404 error starting August 25th.
Tomi Engdahl says:
Raphael Satter / Reuters:
Microsoft says the “Storm-2603” group is now deploying ransomware via vulnerable SharePoint server versions, as the estimated number of victims hits 400+ — A cyber-espionage campaign centered on vulnerable versions of Microsoft’s (MSFT.O) server software now involves the deployment …
https://www.reuters.com/sustainability/boards-policy-regulation/microsoft-says-some-sharepoint-server-hackers-now-using-ransomware-2025-07-23/
Tomi Engdahl says:
From today, websites that carry adult content are required by law to ask for photo ID or bank account details in order to verify a user’s age, so that children can be protected – where’s the harm in that, asks Claire Cohen
To all the angry men online, putting face-scan checks on porn really isn’t about you
From today, websites that carry explicit content are required by law to ask for photo ID or bank account details in order to verify a user’s age, so that children can be protected – where’s the harm in that, asks
https://www.independent.co.uk/voices/porn-vpn-face-scan-age-verification-pornhub-b2795367.html?callback=in&code=NDQWYWZHNDGTYZE1YS0ZMDVMLWE1ZDGTMDKYNZK3ZWJKZGRH&fbclid=IwY2xjawLwfIFleHRuA2FlbQIxMQABHmoITUXBrma_LcScHtd-ifdA-rXa7UjWFa3AT3SbjrbESd9PfzU8qr-mkNEk_aem_7wWMjq7xygVXvdDUq8VFnA&state=9c5874a863ad4135a628178cb6d6260d&utm_campaign=picturepost&utm_medium=social&utm_source=facebook
Around 14 million people in the UK are probably having a bad day. That’s how many of us watch online pornography, according to Ofcom. From today, they will have to pass age verification checks to access all UK porn sites. The legislation is part of the Online Safety Act, designed to protect children from seeing harmful material online.
May I be the first to say: boo hoo? Can’t watch that gang bang without putting in your credit card details, uploading photo ID, supplying your bank account number, mobile phone operator, or using email-based age verification? Diddums.
The average age at which children are thought to first view pornography in this country is 13. Thirteen! The charity Barnardos estimates that children could access porn more than 50 million times in the next three years, and says it’s “supporting children as young as seven who have accessed pornography sites. This includes rape, incest, domestic abuse and child sexual abuse.”
So forgive me if the idea of adults having to go through age checks to protect the youngest and most vulnerable in society doesn’t exactly inspire pity. I mean, we already ask for ID to buy alcohol, watch 18-rated films and gamble in casinos.
Except, already, online forums are full of frustrated and furious men – 73 per cent of UK porn users are male – sharing tips on how to beat the system. Debate is raging over whether you can use a generic image of someone else’s driving license scraped from the internet or an AI-generated face. There’s endless advice on which VPN – a Virtual Private Network that encrypts your IP address and makes it look as though you’ve connected to the internet from a country where the laws don’t apply – is best.
Tomi Engdahl says:
Sudden spike in VPN interest as people bypass new age checks for porn sites
UK visitors to PornHub and other sites are now required to verify their age, but people are finding an easy way around the rules
https://www.independent.co.uk/tech/vpn-best-avoid-porn-age-checks-pornhub-b2795814.html?utm_medium=social&utm_source=facebook&utm_campaign=picturepost&fbclid=IwY2xjawLwuwFleHRuA2FlbQIxMQABHhaU4r8_4FSAGL027CG3zY32F76aSeL3qcvSG25wEHr9bhL2ExZARFIpUbxG_aem_KU75qglAmKMRFzYonA0fLA
Online searches for virtual private networks (VPNs) have surged in the UK after new age verification rules for porn sites were introduced on Friday.
Data from Google Trends shows that searches for the term ‘VPN’ shot up more than 700 per cent on Friday morning, suggesting that web users are attempting bypass the age checks.
The new verification rules, which are part of the UK’s Online Safety Act, require websites like PornHub, YouPorn and RedTube to check that visitors are over 18 through photo IDs, facial recognition or credit card information.
These checks can be avoided by using a VPN service to spoof the location of a device to a country where such rules are not in place.
“Ofcom may have the power to ‘geo-block’ access to these websites in the U.K., but I have seen little evidence that this cannot be easily circumvented by a basic VPN, which a great many people already use,”
Tomi Engdahl says:
People discover loophole to get around new UK porn rules less than one day after it became law
Some users are already claiming to have found a way around the new verification process, which came into force today
https://www.ladbible.com/news/uk-news/porn-sites-age-verification-rules-loophole-vpns-683449-20250725?fbclid=IwY2xjawL074ZleHRuA2FlbQIxMQABHsyDEXwcQPbfi_oOZ2S2G76Ah9aM5oZY9VU-_Y9malbHSJ1ScPYM4n0OH6wL_aem_5fpJYY0ETEPLWLlinMfK0A
Simply clicking a button to confirm you are over the age of 18 is now a thing of the past, as porn sites have introduced a string of measures to make sure only adults can gain access.
Where there’s a will, there’s a way – and in less than 24 hours, people claim to have already found a technique to get around the new age verification checks on porn sites.
When the clock struck midnight, the strict alterations surrounding how Brits access adult content came into force.
Industry titans, including Pornhub, Stripchat and Jerkmate, have all agreed to implement ‘highly effective’ age checks to verify the maturity of their users from today (25 July).
It’s all part of the government’s crackdown on X-rated content, which intends to prevent children from accessing pornography and other harmful stuff online.
Tomi Engdahl says:
Ofcom, who is responsible for policing porn sites to make sure they comply, has already admitted there is no way to stop Brits from using virtual private networks (VPNs) to circumvent the age checks.
https://www.ladbible.com/news/uk-news/porn-sites-age-verification-rules-loophole-vpns-683449-20250725?fbclid=IwY2xjawL074ZleHRuA2FlbQIxMQABHsyDEXwcQPbfi_oOZ2S2G76Ah9aM5oZY9VU-_Y9malbHSJ1ScPYM4n0OH6wL_aem_5fpJYY0ETEPLWLlinMfK0A
Reddit users reckon that this essentially makes the age verification process redundant, as people in the UK could simply use a VPN to gain access to adult content.
One person said: “This is how short sighted or technologically illiterate this country’s government is. Absolutely kids will just use a VPN, or a seedy less legit website.”
Another wrote: “VPN. Done. Its a non issue for anyone with the most minimal of computing knowledge.
“Ironically the most computer literate in our country, the younger ones, will know exactly what to do. Therefore an absolutely useless law.”
While a third added: “The only people this will actually affect is the 50+ year olds lol.”
“There will be teenagers – dedicated teenagers – who want to find their way to porn, in the same way as people find ways to buy alcohol under 18. They will use VPNs. And actually, I think there’s a really important reflection here. It’s not just us, in terms of making life safer online.
“Parents having a view in terms of whether their kids have got a VPN, and using parental controls and having conversations, feels a really important part of the solution.”
As well as age verification checks, the rules require platforms to ensure algorithms do not work to harm children by, for example, pushing such content on the likes of self harm and eating disorders towards them.
“I have very high expectations of the change that children will experience,” Kyle told Sky News. “And let me just say this to parents and children, you will experience a different internet really, for the first time in from today, moving forward than you’ve had in the past. And that is a big step forward.”
Websites which fail to comply could be hit with fines, or their website could even become unavailable in the UK through a court order
Tomi Engdahl says:
Russia’s Aeroflot cancels flights after pro-Ukraine hackers claim cyber-attack
More than 50 flights axed and 10 delayed as Silent Crow hacking group apparently claims responsibility
https://www.theguardian.com/business/2025/jul/28/russia-aeroflot-cancels-flights-pro-ukraine-hackers-cyber-attack?fbclid=IwY2xjawL0-95leHRuA2FlbQIxMQABHjNsVpUhmrvEnT03RgGrljAH9DcLUrc8TWF2pmKpAWUoCDso9wuUjGedpIyb_aem_cSpBl6E6OAjqEb-oGjl9vw
Tomi Engdahl says:
Phone networks down: EE, BT, Three and Vodafone all not working in mass outage
https://www.independent.co.uk/tech/ee-bt-three-vodafone-o2-down-phone-networks-outage-latest-b2795260.html
Several major phone networks in the UK appear to be down following a major outage.
BT, EE, Three and Vodafone were all suffering issues on Thursday afternoon, according to Downdetector.
Millions of customers are unable to make or receive calls, with many taking to social media to report the problem.
Tomi Engdahl says:
https://www.aikido.dev/?utm_campaign=GLOBAL_BOFU_Conversion&utm_medium=paidsocial&utm_source=meta&hsa_acc=722879989276138&hsa_cam=120213418979230728&hsa_grp=120216411908940728&hsa_ad=120216411908960728&hsa_src=fb&hsa_net=facebook&hsa_ver=3&fbclid=IwQ0xDSwLsQERleHRuA2FlbQEwAGFkaWQBqyYSwSzguAEewc4_aqsNhBqv82PFFe1SInwGlPh110m5LJlXoP9PZDvemUe0Fm37fgMEFeQ_aem_JCTzfI5W6lL13Vfe1TO7Qg&utm_id=120213418979230728&utm_content=120216411908960728&utm_term=120216411908940728
Tomi Engdahl says:
https://www.solita.fi/blogs/ai-for-cybersecurity-or-cybersecurity-for-ai-or-both/
Tomi Engdahl says:
https://www.aquasec.com/blog/ai-generated-malware-in-panda-image-hides-persistent-linux-threat/
Tomi Engdahl says:
The most industry-trusted compliance and security platform
Meet with a Vanta expert who will listen and learn about your business needs
Get full visibility into the Vanta platform
Receive one-to-one feedback on the best strategies to automate your security and compliance
The leading security compliance solution trusted by over 12,000 customers.
https://www.vanta.com/lp/demo-ad
Tomi Engdahl says:
It-tuki antoi salasanat rikollisille
23.7.202518:40
Kyberhyökkäys aiheutti yhtiölle 380 miljoonan dollarin vahingot.
https://www.mikrobitti.fi/uutiset/a/6f5e1475-c392-4a78-bd7a-6f6a2c82636d
Tomi Engdahl says:
Tekninen häiriö sekoitti pörssikursseja
Sijoittaminen|Nasdaq Nordic kertoo Kauppalehdelle peruvansa kaikki kello 18 jälkeen tehdyt toimeksiannot Helsingin, Tukholman ja Islannin pörsseissä.
https://www.hs.fi/talous/art-2000011395169.html?fbclid=IwZXh0bgNhZW0CMTEAAR67xwC0f0hbl32HtL0vwOK4CKVyUhY8s6SrCDnGHoxaVMg9fFx_PRO5rWrgdg_aem_OGMY_wWN9kJ81OIX6P08qA
Tomi Engdahl says:
Major air traffic control outage grounds flights across London
Traffic control issues have grounded planes in the London area, including at Heathrow airport
https://www.independent.co.uk/travel/news-and-advice/air-traffic-control-down-heathrow-gatwick-flights-latest-news-b2798976.html?utm_medium=social&utm_source=facebook&utm_campaign=picturepost&fbclid=IwY2xjawL3HWtleHRuA2FlbQIxMQABHve68gzzQUh9QZciZWrAoIMdXDjSd2YeuuwwvRkY9lu-n5yLi4givK0PngBh_aem_15PzxiIuGUJMyyBGOSwRqg
Major delays have been reported to flights in the UK due to traffic control issues, grounding planes in the London area.
In a statement, Gatwick Airport said the technical issue meant there are currently no departures while the situation is being resolved.
Tomi Engdahl says:
Lenovo has released urgent BIOS updates and warned about high-severity flaws that allow privileged local attackers to gain complete control of systems
#Lenovo #cybersecurity
Major flaws found in Lenovo BIOS: attackers can take over systems
https://cybernews.com/security/lenovo-warns-about-major-bios-flaws/?utm_source=cn_facebook&utm_medium=social&utm_campaign=cybernews&utm_content=post&source=cn_facebook&medium=social&campaign=cybernews&content=post
Lenovo has released urgent BIOS updates and warned about high-severity flaws that allow privileged local attackers to gain complete control of systems. Some updates are still pending.
Six newly discovered vulnerabilities are affecting Lenovo computers with BIOS from Insyde Software, a global provider of system firmware and software engineering services.
“Potential vulnerabilities were reported in Insyde BIOS used in some Lenovo IdeaCentre and Yoga All-In-One products that could allow a privileged local attacker to read SMRAM contents or execute arbitrary code in System Management Mode (SMM),” the Lenovo advisory reads.
https://support.lenovo.com/us/en/product_security/LEN-201013
Tomi Engdahl says:
An official advisory was recently sent out to the US military, warning that all forces must now assume their networks have been breached. The enemy is inside the house. (Not sure about Iraq’s Nuclear program see typo)
What it means is that no system connected to the internet can be defended.
Our own national cybersecurity agency asked UK businesses to make this presumption in 2020. The reason this hasn’t been bigger news is that we’ve become fatalistic and weary, as one cybersecurity attack follows another.
Andrew Orlowski
Chinese hackers have seized control. How did we let this happen?
The complacency of the great and good of IT has left the West horribly exposed to Beijing
https://www.telegraph.co.uk/business/2025/07/28/chinese-hackers-seized-control-how-let-it-happen/
A civilisation that cannot defend itself really should not expect to survive, and after the latest cybersecurity news, I wonder how it can.
An official advisory was recently sent out to the US military, warning that all forces must now assume their networks have been breached. The enemy is inside the house.
Microsoft has warned that hackers linked to Beijing are exploiting the flaw, while Britain’s National Cyber Security Centre has said organisations in the UK have also been hit.
The flaw allows hackers to remotely run software code on victims’ servers, potentially allowing them to install malicious software and steal data.
According to Bloomberg, which reported the breach, no sensitive information is believed to have been stolen in the hack on the NNSA.
A spokesman for the US energy department said it was “minimally impacted” by the hack last Friday.
It is unclear whether Chinese hackers are responsible for the nuclear agency attack.
However, Microsoft has alleged that China-linked groups dubbed Linen Typhoon, Violet Typhoon and Storm-2603 have been exploiting the software vulnerability.
“It seems logical that it would be the Chinese,”
The flaw disproportionately targets government agencies since they are more likely to run Microsoft software on their own servers. Many companies run the software on Microsoft’s cloud, which has not been affected by the attacks.
https://www.telegraph.co.uk/business/2025/07/23/chinese-hackers-suspected-americas-nuclear-weapons-agency/