UK to spend $1.1 billion relocating Afghan helpers following data breach

DOGE worker published the private key for four dozen-plus LLMs, US gov't IT contractor to pay $14.75m fine for overstated cyber services, Italian cops arrest Romanian behind 'Diskstation' ransomware gang, OMB readies post-quantum standard, MSFT's 'digital escorts' leave DoD vulnerable, much more

Thousands of people are being relocated to the UK as part of a secret £850m (around $1.1 billion) scheme set up after a personal data leak of Afghans who supported British forces, it can now be reported.

A dataset containing the personal information of nearly 19,000 people who applied for the Afghan relocations and assistance policy (Arap) was released “in error” by a defence official in February 2022.

The breach resulted in the creation of a secret Afghan relocation scheme, the Afghanistan Response Route, in April 2024.

The scheme is understood to have cost about £400m (around $537 million) so far, with a projected cost once completed of about £850m. Millions more are expected to be paid in legal expenses and compensation.

The Ministry of Defence (MoD) only became aware of the breach more than a year after the release when excerpts of the dataset were anonymously posted on a Facebook group in August 2023. (The Guardian)

Related: BBC News, Financial Times, The Independent, Metro

Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), who has been granted access to sensitive databases at the US Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security, inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk’s artificial intelligence company xAI.

On July 13, Mr. Elez committed a code script to GitHub called “agent.py” that included a private application programming interface (API) key for xAI. The inclusion of the private key was first flagged by GitGuardian, a company that specializes in detecting and remediating exposed secrets in public and proprietary environments. GitGuardian’s systems constantly scan GitHub and other code repositories for exposed API keys and fire off automated alerts to affected users.

Philippe Caturegli, “chief hacking officer” at the security consultancy Seralys, said the exposed API key allowed access to at least 52 different LLMs used by xAI. The most recent LLM in the list was called “grok-4-0709” and was created on July 9, 2025.

xAI announced that the Department of Defense will begin using Grok as part of a contract worth up to $200 million. The contract award came less than a week after Grok began spewing antisemitic rants and invoking Adolf Hitler.

Elez is not the first DOGE worker to publish internal API keys for xAI. In May, another DOGE employee leaked a private xAI key on GitHub for two months, exposing LLMs that were custom-made for working with internal data from Musk’s companies, including SpaceX, Tesla, and Twitter/X. (Brian Krebs / Krebs on Security)

Related: Hacker News (ycombinator)

Maryland-based Hill Associates, which supplies IT services to the US government, has agreed to a $14.75 million fine to settle alleged violations of its contracts with federal agencies.

The Department of Justice alleged that Hill Associates had billed for cybersecurity services that were out of the scope of its contract, and which would have required it to undergo a technical evaluation required by the General Services Administration. According to a settlement agreement, the company had not passed such an evaluation. 

It was also accused of charging for unapproved fees and of overstating its overhead costs by including incentive compensation for executives.

Hill Associates had a contract to supply services to the Department of Justice and the Treasury Department from 2018 until 2023. On top of the nearly $15 million fine, Hill Associates also agreed to pay 2.5% of its annual revenues exceeding $18.8 million beginning next year and lasting until the end of the decade.

The case was brought under the False Claims Act, a 160-year-old law that allows the government to collect civil damages from contractors who violate the terms of their agreement. (James Reddick / The Record)

Related: Justice.gov, The Cyber Express

A 44-year-old man, a Romanian citizen, was arrested in Milan on charges of being the main director behind a series of cyber attacks orchestrated by the ‘Diskstation’ gang, which is supposedly a ransomware group.

The arrest, carried out by the Italian Postal Police, is the result of a joint investigation that also involved the authorities of France, Romania, and Europol.

According to the findings, the man was the group’s operational point of reference, managing both the technical side of the attacks and the activities related to the collection of cryptocurrency payments. Law enforcement agencies consider him to be a leading figure in the European cybercrime scene.

The gang’s operations were mainly concentrated in Northern Italy, particularly in the provinces of Milan, Bergamo, and Brescia. The preferred targets were medical, legal, and commercial offices.

In the last 18 months alone, at least 42 attacks have been traced back to the group with certainty. Ransom demands ranged from tens to hundreds of thousands of euros. In some cases, the affected companies had to cease operations completely for days, resulting in considerable damage. (Redazione / Decripto)

Related: Ansa.it, La Milano, Rai News.it, Databreaches.net

According to sources and a document draft, the Office of Management and Budget has drafted a memorandum that directs federal agencies to fully migrate to a post-quantum cryptographic standard.

The memo will emphasize the future of post-quantum cryptography migration in the federal government, as well as set standards to which third-party technology vendors must adhere.

The document touches on multiple aspects of the government’s PQC migration efforts. It prioritizes strategies such as strengthening cybersecurity maintenance, planning agency governance and oversight in successful PQC implementation, and inventorying high-risk digital assets as critical components of PQC migration.

The memo also sets requirements for third-party technology vendors working with the government, asking them to ensure PQC standards are upheld and embedded during technology refresh and lifecycle updates, cloud migration, and other software changes.

As it does with federal agencies, the memo requests that vendors disclose their individual phased PQC transition timelines. It notes that leveraging automation is helpful in PQC migration steps, namely regarding asset inventory management and policy compliance.

The document does not have a set release date. (Alexandra Kelley / NextGov)

Related: Quantum Zeitgeist

Microsoft is using engineers in China to help maintain the Defense Department’s computer systems, with minimal supervision by US personnel, leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary.

The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on US citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.

But these workers, known as “digital escorts,” often lack the technical expertise to police foreign engineers with far more advanced skills. Some are former military personnel with little coding experience who are paid barely more than minimum wage for the work.

Former government officials said in interviews that they had never heard of digital escorts. The program appears to be so low-profile that even the Defense Department’s IT agency had difficulty finding someone familiar with it. “Literally no one seems to know anything about this, so I don’t know where to go from here,” said Deven King, spokesperson for the Defense Information Systems Agency.

“If I were an operative, I would look at that as an avenue for extremely valuable access. We need to be very concerned about that,” said Harry Coker, who was a senior executive at the CIA and the National Security Agency. Coker, who was also the national cyber director during the Biden administration, added that he and his former intelligence community colleagues “would love to have had access like that.”

It isn't easy to know whether engineers overseen by digital escorts have ever carried out a cyberattack against the US government. But Coker wondered whether it “could be part of an explanation for a lot of the challenges we have faced over the years.” (Renee Dudley, with research by Doris Burke / ProPublica)

Ján Kuciak Investigative Center and Aktuality report that Russia is leveraging Slovakian technical services to publish sensitive information of Ukrainian Armed Forces service members online.

Alongside troop details, confidential data of their relatives and some activists in Ukraine is also being posted on these portals, dubbed “doxing” sites because they incite aggression, humiliation, and intimidation.

The Russian websites also target public figures in Slovakia, Poland, Hungary, and the Czech Republic.

The technical company named as a collaborator in this campaign is StormWall, a commercial hosting firm reportedly registered in Bratislava but owned by Russian nationals.

The company supports NewsFront, a Crimea-based news agency the US government has deemed a “Crimea‑based disinformation and propaganda outlet … particularly focused on supporting Russia‑backed forces in Ukraine,” sanctioned following President Vladimir Putin’s launch of the “military operation” in Ukraine.

NewsFront has been registered in Bratislava since 2017, is owned by Russian nationals, and has also provided services for Moscow’s state-owned organizations, such as the TASS news agency and the MGIMO university. (Rojoef Manuel / The Defense Post)

Related: Aktuality, Ján Kuciak Investigative Center, MilitarNYI, UNN, European Pravda

So far, TikTok’s pleas have fallen on deaf ears, said Steve de Eyre, director of TikTok’s government affairs for Canada, in an interview. “We are still looking to get to the table,” he said.

TikTok, owned by China-based ByteDance Ltd., started this month to freeze spending on cultural programs and sponsorships, following a November directive to close its Canadian unit, which cited national security concerns. TikTok would still be available on app stores for Canadians to use after the shutdown.

TikTok Chief Executive Officer Shou Zi Chew wrote to Industry Minister Melanie Joly on July 2 requesting an urgent in-person meeting within the next two weeks.

He wrote: “The windup process is rapidly approaching a critical juncture where, unless you intervene, TikTok will be forced to fire all of its Canadian employees,” as well as halting investment and support for creators.

In other countries where it has faced concerns, TikTok has set up systems to fence off user data to prevent it from being sent to China. These were dubbed Project Texas in the US and Project Clover in the EU.

Asked if TikTok has pitched Canada an equivalent like “Project Maple,” de Eyre said: “Maybe it would be Project Maple. But we need to sit down, understand the concerns that Canada has, and we want to build a solution that would provide greater data security, greater oversight, and accountability where there are these concerns.” (Thomas Seal / Bloomberg)

Related: CTV News, The Globe and Mail, Mitrade, Cryptopolitan, The Canadian Press

Digital deception publication Indicator analyzed 85 nudify and “undress” websites and found that most of the sites rely on tech services from Google, Amazon, and Cloudflare to operate and stay online, generating a combined average of 18.5 million visitors for each of the past six months and collectively earning up to $36 million per year.

According to the research, Amazon and Cloudflare provide hosting or content delivery services for 62 of the 85 websites, while Google’s sign-on system has been used on 54 of the websites. The nudify websites also use a host of other services, such as payment systems, provided by mainstream companies.

Amazon Web Services spokesperson Ryan Walsh says AWS has clear terms of service that require customers to follow “applicable” laws. “When we receive reports of potential violations of our terms, we act quickly to review and take steps to disable prohibited content,” Walsh says, adding that people can report issues to its safety teams.

Based on calculations combining subscription costs, estimated customer conversion rates, and the web traffic the sites sent to payment providers, the researchers estimate that 18 of the websites made between $2.6 million and $18.4 million in the past six months, which could equate to around $36 million a year. (Matt Burgess / Wired)

Related: Indicator Media

The UK National Cyber Security Centre (NCSC) announced a new Vulnerability Research Initiative (VRI) that aims to strengthen relations with external cybersecurity experts.

The agency already conducts internal vulnerability research on a wide range of technologies and will continue to do so. However, the launch of VRI will create a parallel program designed to speed up the discovery of critical insights and their sharing with the community.

The VRI is a structured collaboration between the NCSC and external cybersecurity researchers to improve the UK's capabilities in identifying and understanding software and hardware vulnerabilities.

NCSC will partner with skilled external vulnerability researchers who will be given objectives to identify flaws in specific products of interest, assess proposed mitigations, and finally disclose the flaws through the 'Equities Process' procedure.

The researchers will also submit to the NCSC details about the tools they used and the methodologies they followed during their VR activities, to help develop a framework of effective practices.

Interested security specialists are invited to email vri@ncsc.gov.uk with their skills and focus areas. (Bill Toulas / Bleeping Computer)

Related: NCSC, Security on Screen

The European Commission announced that France, Spain, Italy, Denmark, and Greece will test a blueprint for an age verification app intended to guide online platforms to protect children by tackling addictive design, cyberbullying, harmful content, and unwanted contact from strangers.

The setup for the age verification app is built on the same technical specifications as the European Digital Identity Wallet, which will be rolled out next year. The five countries can customise the model according to their requirements, integrate it into a national app, or keep it separate.

The EU executive also published guidelines for online platforms to take measures to protect minors as part of their compliance with the bloc's Digital Services Act (DSA). The landmark legislation, which became applicable last year, requires Alphabet's Google, Meta Platforms, ByteDance's TikTok, and other online companies to do more to tackle illegal and harmful online content. (Foo Yun Chee / Reuters)

Related: Euractiv, European Commission, Biometric Update, Deadline, Agenzia ANSA, MLex, Le Monde, r/discord, r/privacy, r/Denmark, r/europe, Slashdot

Reddit announced it has started verifying UK users' ages before letting them "view certain mature content" to comply with the country's Online Safety Act.

Reddit said that users "shouldn't need to share personal information to participate in meaningful discussions," but that it will comply with the law by verifying age in a way that protects users' privacy. "Using Reddit has never required disclosing your real world identity, and these updates don't change that," Reddit said.

Reddit said it contracted with the company Persona, which "performs the verification on either an uploaded selfie or a photo of your government ID. Reddit will not have access to the uploaded photo, and Reddit will only store your verification status along with the birthdate you provided so you won't have to re-enter it each time you try to access restricted content."

Reddit said that Persona made promises about protecting the privacy of data. "Persona promises not to retain the photo for longer than 7 days and will not have access to your Reddit data, such as the subreddits you visit," the Reddit announcement said. "Your birthdate is never visible to other users or advertisers, and is used to support safety features and age-appropriate experiences on Reddit."

Related: Reddit, Mashable, Mediaweek, BBC, TechIssuesToday.com, The Verge, Rappler, r/ukpolitics, r/technology, r/privacy, r/RedditSafety, r/uknews, r/europe_sub, r/europe, r/unitedkingdom

The US Cybersecurity and Infrastructure Security Agency (CISA) warned that a vulnerability in products from the file transfer company Wing FTP Server is being actively exploited.

The agency confirmed industry reports of exploitation, adding it to the Known Exploited Vulnerabilities (KEV) catalog and ordering all federal civilian agencies to patch the bug by August 4.

In the CVE entry, CISA said the bug carries a 10 out of 10 severity score and “guarantees a total server compromise.”

Wing FTP Server is a file transfer protocol software for Windows, Linux, and macOS that is used by thousands of organizations to transfer files, including the US Air Force, Airbus, Sephora, Reuters, Sony, and others.

Last month, cybersecurity researcher Julien Ahrens published a lengthy examination of the vulnerability, now listed as CVE-2025-47812. Two weeks later, incident responders at cybersecurity firm Huntress said they saw active exploitation of a customer on July 1 and urged organizations to update their Wing FTP Server to version 7.4.4 as soon as possible. (Jonathan Greig / The Record)

Related: CISA, Bleeping Computer, ShadowServer

Authorities and researchers are intensifying warnings about active exploitation and pervasive scanning of a critical vulnerability affecting multiple versions of Citrix products.

There is now widespread agreement among security professionals that the critical vulnerability, CVE-2025-5777, which Citrix disclosed on June 17, is serious and harkens back to a 2023 defect in the same products: “CitrixBleed,” or CVE-2023-4966.

Threat hunters are scrambling to assess and stop the strikingly similar challenges posed by exploits of the newest CVE.

For some Citrix customers, the warnings are too late. Vulnerability scans confirm active exploits occurred within a week of disclosure, and attackers have been swarming, hunting for exposed instances of the impacted devices since exploit details were publicly released earlier this month.

One cluster of activity, likely originating from China based on access times and access methods, has been targeting these sectors based on SSL certificates.

A ransomware group that has had the exploit since June is using it for initial access. Over the weekend, Imperva said they’ve seen 12 million attack attempts so far, with almost 40% aimed at financial services. (Matt Kapko / Cyberscoop and Kevin Beaumont / Double Pulsar)

Related: BankInfoSecurity, Imperva

According to a listing with the US Department of Health and Human Services, medical billing giant Episource is notifying over 5.4 million people across the United States that their personal and health information was stolen in a cyberattack earlier this year.

In notices filed in California and Vermont on Friday, Episource said a criminal was able to “see and take copies” of patient and member data from its systems during the weeklong breach ending February 6.

The stolen information includes personal information, such as names, postal and email addresses, and phone numbers, as well as protected health data, including medical record numbers, and data relating to doctors, diagnoses, medications, test results, imaging, care, and other treatment. The stolen data also contains health insurance information, like health plans, policies, and member numbers.

Episource did not describe the nature of the incident. However, Sharp Healthcare, one of the companies that works with Episource and was affected by the cyberattack, told its customers that the Episource hack was caused by ransomware. (Zack Whittaker / TechCrunch)

Related: US Department of Health and Human Services, California Attorney General, Vermont Attorney General

The latest release of the xAI LLM, Grok-4, has already fallen to a sophisticated jailbreak.

The Echo Chamber jailbreak attack developed by NeuralTrust was described on June 23, 2025. xAI’s latest Grok-4 was released on July 9, 2025. Two days later, it fell to a combined Echo Chamber and Crescendo jailbreak attack.

The key element is to never directly introduce a dangerous word that might trigger the LLM’s guardrail filters.

Microsoft first described Crescendo in April 2024. It gradually coaxes LLMs into bypassing safety filters by referencing their prior responses.

Echo Chamber and Crescendo are both ‘multi-turn’ jailbreaks that are subtly different in the way they work. The critical point here is that they can be used in combination to improve the efficiency of the attack. They work because of LLMs’ inability to recognize evil intent in context rather than individual prompts.

NeuralTrust researchers attempted to jailbreak the new Grok-4 guardrails using Echo Chamber to trick the LLM into providing a manual to produce a Molotov cocktail. “While the persuasion cycle nudged the model toward the harmful goal, it wasn’t sufficient on its own,” writes the firm. “At this point, Crescendo provided the necessary boost. With just two additional turns, the combined approach succeeded in eliciting the target response.” (Kevin Townsend / Security Week)

Related: NeuralTrust, CSO Online, WinBuzzer, Infosecurity Magazine, Hack Read

On the same day xAI announced that its new Grok 4 tool will now be available to the federal government, cybersecurity researchers at SplxAI released new research that subjected the large language model to more than 1,000 different attack scenarios.

Smart system prompting on the front end can make a difference in the model’s ability to handle security and privacy challenges.

“The first thing we found is that Grok without a system prompt is not suitable for enterprise usage, it was really easy to jailbreak and it was generating harmful content with very descriptive and detailed responses,” Dorian Granoša, SplxAI’s lead red-team researcher, said.

While it is not uncommon for large language models to require some security prompting to harden against jailbreaking, data leakage, and harmful content generation, Grok 4 notably lags some of its biggest competitors on this front.

Grok 4 performs considerably worse on security and safety than base models from competitor ChatGPT-4o.

The research underscores lingering concerns about Grok’s safety and reliability for enterprise use, a week after the model began spouting antisemitic and Nazi rhetoric following a code update, according to a July 12 post by the company on X. (Derek B. Johnson / Cyberscoop)

Related: splx

Ransomware gang DragonForce today took credit for a May 2025 cyber attack against US department store chain Belk, with the threat actor saying it stole 156 GB of data from the company.

Belk, on June 5, 2025, notified victims of a data breach that compromised names and Social Security numbers, but it has not disclosed how many people it notified. The cyber attack disrupted both online and in-person operations at Belk stores for several days.

“Specifically, Belk was the victim of a cyber incident in which an unauthorized third party gained access to certain corporate systems and data between May 7-11, 2025,” says Belk’s notice (PDF) to victims. “After discovering the incident on May 8, 2025, Belk worked diligently with third-party cybersecurity experts to determine the source and scope of this unauthorized access. Belk concluded that the third party obtained certain internal documents related to Belk.”

Belk is offering victims 12 months of free credit monitoring through Epiq Privacy Solutions ID, which includes $1 million in identity theft insurance. (Paul Bischoff / Comparitech)

Related: Security Week, Chain Store Age, TechNadu

DragonForce lists Belk on its data leak site. Source: Comparitech.

Over the 12 days of recent attacks, Israel and Iran turned social media into a digital battlefield, using deception and falsehoods to try to sway the outcome even as they traded kinetic missile strikes that killed hundreds and roiled an already turbulent Middle East.

The posts, researchers said, represented a greater intensity of information warfare, by beginning before the strikes, employing artificial intelligence and spreading widely so quickly.

Iran, for example, sent alerts in Hebrew to thousands of Israeli mobile phones warning recipients to avoid bomb shelters because militants planned to infiltrate them and attack those inside, according to researchers and official statements. A network of accounts on X attributed to Israel spread messages in Persian, trying to erode confidence in Iran’s government, including ones narrated by an AI-generated woman.

The torrent of propaganda and deception offers a preview of what the United States or other nations would almost certainly face if war erupted. False images of destroyed B-2 bombers appeared online when President Trump ordered strikes on Iran’s deeply buried nuclear sites. (Steven Lee Myers, Natan Odenheimer, and Erika Solomon / New York Times)

Related: Times of India

According to the DFIR Report and Proofpoint, hackers have adopted a new technique called 'FileFix' in Interlock ransomware attacks to drop a remote access trojan (RAT) on targeted systems.

Researchers at The DFIR Report and Proofpoint have observed this shift in modus operandi since May. Back then, visitors to compromised sites were prompted to pass a fake CAPTCHA + verification and then paste content that had been automatically saved to the clipboard into a Run dialog, a tactic consistent with ClickFix attacks.

The trick led users to execute a PowerShell script that fetched and launched a Node.js-based variant of the Interlock RAT.

In June, researchers found a PHP-based variant of Interlock RAT used in the wild, which was delivered using the same KongTuke injector.

Earlier this month, a significant change in the delivery wrapper occurred, with Interlock now switching to the FileFix variation of the ClickFix method as the preferred delivery method.

FileFix is a social engineering attack technique developed by security researcher mr.d0x. It's an evolution of the ClickFix attack, which became one of the most widely employed payload distribution methods over the past year.

Post-infection, the RAT executes a series of PowerShell commands to gather system and network information and exfiltrates this data as structured JSON to the attacker. (Bill Toulas / Bleeping Computer)

Related: The DFIR Report, Quorum Cyber, Dark Reading

Interlock's FileFix attack. Source: The DFIR Report

Firmware security company Binarly, which shared its findings with Carnegie Mellon University’s CERT Coordination Center (CERT/CC), reports vulnerabilities in firmware used in Gigabyte products.

The vulnerabilities could allow attackers with local or remote admin permissions to execute arbitrary code in System Management Mode (SMM), an environment isolated from the operating system (OS) and with more privileges on the machine.

The original firmware supplier is American Megatrends Inc. (AMI), which addressed the issues after a private disclosure, but some OEM firmware builds (e.g., Gigabyte's) did not implement the fixes at the time.

Binarly researchers notified Carnegie Mellon CERT/CC about the issues on April 15, and Gigabyte confirmed the vulnerabilities on June 12, followed by the release of firmware updates, according to CERT/CC.

After initial reports of these security issues surfaced, Gigabyte published a security bulletin. (Bill Toulas / Bleeping Computer)

Related: CERT Coordination Center, Gigabyte

The US Department of Defense said it’s granting contract awards of up to $200 million for artificial intelligence development at Anthropic, Google, OpenAI, and xAI.

The DoD’s Chief Digital and Artificial Intelligence Office said the awards will help the agency accelerate its adoption of “advanced AI capabilities to address critical national security challenges.” The companies will work to develop AI agents across several mission areas at the agency.

“The adoption of AI is transforming the Department’s ability to support our warfighters and maintain strategic advantage over our adversaries,” Doug Matty, the DoD’s chief digital and AI officer, said.

Elon Musk’s xAI also announced Grok for Government on Monday, which is a suite of products that make the company’s models available to US government customers. The products are available through the General Services Administration (GSA) schedule, which allows federal government departments, agencies, or offices to purchase them. (Ashley Capoot / CNBC)

Related: Chief Digital and Artificial Intelligence Office (CDAO), Reuters, Washington Post, xAI, Forbes, The Guardian, The Register, Anthropic, StrictlyVC, Analytics India Magazine, Livemint, CBS News, Benzinga, The Hollywood Reporter, New Republic, Google Cloud Blog, Newser, Fortune, NERDS.xyz, Washington Examiner, DefenseScoop, Computerworld, Maginative, Wall Street Pit, Hürriyet Daily News, Gizmodo, The Information, Axios, Punchbowl News, Constellation Research, Hacker News, r/artificial, r/inthenews, r/technology, r/politics, r/army, r/BrandNewSentence, r/BetterOffline, r/news, r/Military

South Korean telecommunications giant KT said it will invest more than 1 trillion won ($724 million) over the next five years to fortify cybersecurity, amid heightened consumer concerns following a massive data breach at bigger rival SK Telecom.

The planned investment surpasses SKT’s 700 billion won pledge announced on July 4. SKT, the country’s largest mobile carrier, made the commitment following a large-scale cyberattack and subsequent data breach of customers’ USIM data in April, prompting calls for an industrywide security overhaul.

KT, however, said the investment was already in development before the SKT breach. Hwang Tae-sun, KT’s chief information security and privacy officer, said during a media briefing in Seoul that a string of data breaches at major US carriers, including AT&T, T-Mobile, and Verizon, in 2023 prompted the company to take action. (Ahn Sung-mi / Korea Herald)

Related: The Korea Times, KoreaJoongAng Daily

Virtru, a Washington, DC-based data security company that developed technology now used by US defense and intelligence agencies, announced it raised $50 million in a Series D venture funding round.

ICONIQ led the round with participation from Bessemer Venture Partners, Foundry, and The Chertoff Group. (Greg Otto / Cyberscoop)

Related: Fortune, Business Wire, VC News Daily, ExecutiveBiz, Silicon Angle, BankInfoSecurity

Zip Security, a provider of a platform for security, compliance, and IT automation for businesses, announced it had raised $13.5 million in a Series A venture funding round.

Ballistic Ventures led the round with participation from Silver Buckshot, Mantis VC, General Catalyst, Human Capital, and Box Group. (Dan Primack / Axios)

Related: PR Newswire, ChannelE2E, FinSMEs

Best Thing of the Day: Meta Doing Something Right

Meta announced it will take additional measures to crack down on accounts sharing “unoriginal” content to Facebook, meaning those that repeatedly reuse someone else’s text, photos, or videos. 

Worst Thing of the Day: Let's Kill All the Diplomats and Let China Prevail

Eradicated in the Trump administration's purge of State Department employees: the Bureau of Cyberspace and Digital Policy, which handled US engagement with partner countries to prevent China from prevailing in AI and 5G wireless technologies, and in global data policy.

Bonus Worst Thing of the Day: Well, This Is Not Subtle

When asked, Grok 4 Heavy, which costs $300 per month, returns its surname and no other text: "Hitler."
