Deepfake detectors are slowly coming of age, at a time of dire need
While AI was on everyone’s lips in Las Vegas this week at the trio of security conferences in Sin City – BSides, Black Hat, AND DEF CON – there were a lot of people using the F-word too: fraud. The plummeting cost of using AI, coupled with the increasing sophistication of deepfakes and electronic communications becoming the norm, means that we’re likely facing a massive amount of machine-learning mayhem. Deloitte estimates deepfake fraud will cost the US up to $40 billion by 2027, but everyone we’ve spoken to thinks that’s an underestimation.
Who Got Arrested in the Raid on the XSS Crime Forum?
On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by the hacker handle “Toha.” Here’s a deep dive on what’s knowable about Toha, and a short stab at who got nabbed.
US confirms takedown of BlackSuit ransomware gang that racked up $370 million in ransoms
U.S. law enforcement agencies provided new details on an operation that dismantled critical infrastructure used by the BlackSuit ransomware gang after the organization’s leak site was replaced with a takedown banner nearly two weeks ago. The group — which rebranded from its Royal name after a devastating 2023 attack that shut down the city of Dallas — successfully attacked more than 450 entities in the U.S. Since emerging in 2022, the gang secured more than $370 million in ransom payments, according to U.S. investigators. “The BlackSuit ransomware gang’s persistent targeting of U.S. critical infrastructure represents a serious threat to U.S. public safety,” said Assistant Attorney General for National Security John Eisenberg.
Red teams are safe from robots for now, as AI makes better shield than spear
At the opening of Black Hat, the largest security shindig in the Hacker Summer Camp week ahead of DEF CON and BSides, the opening keynote speaker suggested the current state of AI slightly favors defenders over attackers, but he warned that was not a given for much longer. “I do believe that AI is the key [in security] because that’s one of the few fields where defenders are ahead of the attackers,” Mikko Hyppönen, outgoing chief research officer for Finnish security firm WithSecure, told the audience. “All the cybersecurity companies here will tell you how extensively they use generative AI in their products. Yes, attackers are using AI as well, but they’re only beginning. We’ve only seen fairly simple attacks with AI so far. It will change, but right now, I would claim we are ahead.”
Reddit will block the Internet Archive
Reddit says that it has caught AI companies scraping its data from the Internet Archive’s Wayback Machine, so it’s going to start blocking the Internet Archive from indexing the vast majority of Reddit. The Wayback Machine will no longer be able to crawl post detail pages, comments, or profiles; instead, it will only be able to index the Reddit.com homepage, which effectively means IA will only be able to archive insights into which news headlines and posts were most popular on a given day. ”Internet Archive provides a service to the open web, but we’ve been made aware of instances where AI companies violate platform policies, including ours, and scrape data from the Wayback Machine,” spokesperson Tim Rathschmidt tells The Verge.
Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability
ESET researchers have discovered a previously unknown vulnerability in WinRAR, being exploited in the wild by Russia-aligned group RomCom. This is at least the third time that RomCom has been caught exploiting a significant zero-day vulnerability in the wild. Previous examples include the abuse of CVE-2023-36884 via Microsoft Word in June 2023, and the combined vulnerabilities assigned CVE‑2024‑9680 chained with another previously unknown vulnerability in Windows, CVE‑2024‑49039, targeting vulnerable versions of Firefox, Thunderbird, and the Tor Browser, leading to arbitrary code execution in the context of the logged-in user in October 2024.
UK secretly allows facial recognition scans of passport, immigration databases
Privacy groups report a surge in UK police facial recognition scans of databases secretly stocked with passport photos lacking parliamentary oversight. Big Brother Watch says the UK government has allowed images from the country’s passport and immigration databases to be made available to facial recognition systems, without informing the public or parliament. The group claims the passport database contains around 58 million headshots of Brits, plus a further 92 million made available from sources such as the immigration database, visa applications, and more.
