The US Army booted Easterly from West Point post to pacify a conspiracy theorist

Big Balls got his hands on sensitive law enforcement HR and payroll systems, Fraudsters are flooding Discord with polished websites, Likely DPRK hackers stole $44m from India's CoinDCX, 90 state and local gov'ts targeted in SharePoint attacks, SSNs swiped in Allianz breach, much more

DoD photo by Navy Petty Officer 1st Class Chad J. McNeeley

Army Secretary Dan Driscoll said he had rescinded a West Point job offer extended to former Cybersecurity and Infrastructure Security Agency director Jen Easterly after far-right activist Laura Loomer highlighted the hiring on social media.

In an X post, Loomer tagged Defense Secretary Pete Hegseth and said that “some of your underlings are trying to screw you” and that there are “clearly a lot of Biden holdovers at DOD undermining the Trump admin.”

Loomer said that Easterly “brought in” Nina Jankowitz, a former DHS official who ran the now‑shuttered Disinformation Governance Board, casting her as part of a network of officials she accused of working against President Donald Trump.

Army Secretary Dan Driscoll, in a follow-up X post, said that Easterly’s offer was rescinded and that he’s pausing outside groups from selecting academy employees and instructors.

A LinkedIn post announcing Easterly’s hiring has since been removed. The role of the McDermott Chair was established to attract senior leaders whose blend of scholarship and experience can help train cadets for modern-day military service.

CISA has been the target of the Trump White House for myriad reasons. In 2020, Trump falsely claimed the election that year was rigged and stolen from him. After former CISA director Chris Krebs said the election was the “most secure in American history,” the president fired him. Krebs, as well as his former private sector employer, have since been targeted by the second Trump administration.

The cyber agency has also drawn criticism from Trump and other members of the GOP for its past efforts to combat mis- and disinformation posted about the 2020 election, COVID-19, and other flashpoint issues on social media. The relatively minor efforts involved notifying companies of online content that contained elements of misinformation or disinformation by both foreign adversaries and domestic actors. (David DiMolfetta / NextGov/FCW)

Related: Cyberscoop, Associated Press, Axios, New York Times, Politico, The Hill, CNN, Homeland Security Today

In early February, Edward “Big Balls” Coristine was one of two operatives for Elon Musk’s so-called Department of Government Efficiency granted potentially wide-ranging access to several systems at the Small Business Administration and through that gained access to the National Finance Center, a sensitive system that provides human resources and payroll functions for the Department of Justice, Department of Homeland Security, and the Federal Bureau of Investigation, among other agencies.

Coristine is a 19-year-old who was one of DOGE’s earliest hires and was brought on as a permanent government employee at the General Services Administration (GSA) before resigning and then resurfacing as a special government employee at the Social Security Administration. He and Donald Park, a Brazilian jiujitsu enthusiast and private equity investor, have previously been identified as DOGE operatives at the SBA who sought access to HR, contracting, and payment systems and information. Neither replied to requests for comment.

Records reviewed by WIRED show that within five hours of a request from the office of the SBA’s chief information officer that they be given access to SBA systems, Park and Coristine—who went by the online name “Big Balls” and had reportedly been fired from an internship at a network monitoring firm known for hiring reformed blackhat hackers, after being suspected of leaking internal information—were granted entrance to the agency’s core financial and loan systems. Not long after that, Coristine had access to NFC systems not even housed within the SBA, the agency to which he had been detailed. (Vittoria Elliott / Wired)

Related: r/fednews

Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players.

The scam begins with deceptive ads posted on social media that claim the wagering sites are working in partnership with popular social media personalities, such as Mr. Beast, who recently launched a gaming business called Beast Games. The ads invariably state that by using a supplied “promo code,” interested players can claim a $2,500 credit on the advertised gaming website.

The gaming sites all require users to create a free account to claim their $2,500 credit, which they can use to play any number of highly polished video games that ask users to bet on each action.

The financial part of this scam begins when users try to cash out any “winnings.” At that point, the gaming site will reject the request and prompt the user to make a “verification deposit” of cryptocurrency — typically around $100 — before any money can be distributed. Those who deposit cryptocurrency funds are soon asked for additional payments.

Silent Push’s Zach Edwards said the proprietors of this scambling empire are spending big money to make the sites look and feel like some fancy new type of casino. (Brian Krebs / Krebs on Security)

An ad posted to a Discord channel for a scam gambling website that the proprietors falsely claim was operating in collaboration with the Internet personality Mr. Beast. Image: Reddit.com via Krebs on Security.

Bengaluru-based CoinDCX reported a $44 million crypto theft, potentially involving North Korean hackers.

The stolen currencies were moved to a single wallet, apparently controlled by North Korean hackers.

Investigations are underway to determine if an insider whose login credentials were used to breach the company was complicit in the heist. (Times of India)

Related: Hindustan Times, India Today, Oneindia, The New Indian Express, Free Press Journal

According to the Center for Internet Security (CIS), over 90 state and local governments have been targeted using the recently revealed vulnerability in Microsoft SharePoint server software.

CIS said it did not have evidence that the hackers had broken through.

"None have resulted in confirmed security incidents," Randy Rose, the center's vice president of security operations and intelligence, said.

A spokesperson for the Fermi National Accelerator Laboratory, one of the US Department of Energy's 17 national labs, said: "The attackers were quickly identified, and the impact was minimal, with no sensitive or classified data accessed." (Raphael Satter / Reuters and Cameron Fozi / Bloomberg)

Related: Silicon UK, Reuters

The cost of a ransomware attack against the City of Hamilton last year has ballooned to more than $18 million.

An updated report says the total cost incurred up to June 30 is $18.3 million. That’s significantly higher than the previously reported cost of $9.6 million in October of last year.

The city says over $14 million of the updated amount has been paid to external experts, while over $1 million each has been put towards infrastructure, staffing, and other related costs.

“Recovery efforts remain ongoing, and future financial impacts are anticipated as systems and processes continue to mature,” the report says.

The city says it has successfully recovered or rebuilt most of the affected systems.

However, they say a limited number of services were unrecoverable, including the finance business management application suite, development and permit applications and licensing, fire department records management, public health inspection application, traffic signal systems management, museum collections management solution, and the utility locates application. (Laura Sebben / CTV News)

Related: Village Report, r/CrimeInTheGta, The Hamilton Spectator

Hackers who breached US insurance giant Allianz Life earlier this month stole reams of customer Social Security numbers, according to notifications filed with several US states.

In a new filing with the Texas attorney general, Allianz Life said the hackers stole names, dates of birth, postal addresses, and Social Security numbers from its database. A separate filing with the Massachusetts attorney general’s office also confirmed Social Security numbers were taken in the breach. (Zack Whittaker / TechCrunch)

Related: Attorney General of Texas, Mass.gov

UK regulator Ofcom is investigating four companies, operating a total of 34 porn sites, over whether they are complying with its new age check requirements.

The regulator said last week that over 6,000 sites allowing pornography and other adult content would start using "highly effective" tools to verify or estimate whether users were over or under the age of 18.

But Ofcom says some sites may be ignoring its new rules, which are designed to stop children stumbling across porn or other content deemed harmful by lawmakers.

It has opened formal probes into 8579 LLC, AVS Group Ltd, Kick Online Entertainment S.A., and Trendio Ltd, which it says have more than nine million monthly visitors combined across their sites.

"These companies have been prioritised based on the risk of harm posed by the services they operate and their user numbers," Ofcom said. (Liv McMahon / BBC News)

Related: Ofcom, The Independent, Reuters, LadBible, Sky News, Digit, Euractiv

A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, not, as many have assumed, Scattered Spider. ShinyHunters used voice phishing attacks to steal data from Salesforce CRM instances.

In June, Google's Threat Intelligence Group (GTIG) warned that threat actors tracked as UNC6040 were targeting Salesforce customers in social engineering attacks.

In these attacks, the threat actors impersonated IT support staff in phone calls to targeted employees, attempting to persuade them to visit Salesforce's connected app setup page. On this page, they were told to enter a "connection code", which linked a malicious version of Salesforce's Data Loader OAuth app to the target's Salesforce environment.

In some cases, the Data Loader component was renamed to "My Ticket Portal" to make it more convincing in the attacks.

GTIG says that these attacks were usually conducted through vishing (voice phishing), but credentials and MFA tokens were also stolen through phishing pages that impersonated Okta login pages.

The Qantas data breach also involved a third-party customer relationship management platform; the company will not confirm it is Salesforce. However, previous reporting from local media claims the data was stolen from Qantas' Salesforce instance.

Furthermore, court documents state that the threat actors targeted "Accounts" and "Contacts" database tables, both of which are Salesforce objects.

The attacks have not led to public extortion or data leaks yet; the threat actors are attempting to privately extort companies over email, where they name themselves as ShinyHunters.

It is believed that when these extortion attempts fail, the threat actors will release stolen information in a long wave of leaks, similar to ShinyHunters' previous Snowflake attacks. (Lawrence Abrams / Bleeping Computer)

Related: Cyber Daily

Researchers at Group-IB report that the UNC2891 hacking group, also known as LightBasin, used a 4G-equipped Raspberry Pi hidden in a bank's network to bypass security defenses. In the newly discovered attack, the Raspberry Pi was connected to an ATM network switch, creating an invisible channel into the bank's internal network that allowed the attackers to move laterally and deploy backdoors.

The goal of the attack was to spoof ATM authorization and perform fraudulent withdrawals of cash.

While LightBasin failed at that, the incident is a rare example of an advanced hybrid (physical+remote access) attack that employed several anti-forensics techniques to maintain a high degree of stealthiness.

The particular group is notorious for attacking banking systems, as Mandiant highlighted in a 2022 report presenting the then-new Unix kernel rootkit "Caketap," created for running on Oracle Solaris systems used in the financial sector. (Bill Toulas / Bleeping Computer)

Related: Group-IB, Ars Technica, SC Media

Overview of the LightBasin attack. Source: Group-IB

After poring over US Justice Department indictments of prominent Chinese hackers and mapping them to a web of private companies, researchers at SentinelOne discovered more than 10 patents for powerful offensive cybersecurity technologies filed by a well-known Chinese company allegedly involved in Beijing’s Silk Typhoon campaign.

Their findings focus on intellectual property rights filings by Shanghai Firetech, a company the DOJ said works on behalf of the Shanghai State Security Bureau (SSSB). The company was allegedly involved in many of the Silk Typhoon attacks and was previously identified as part of the Hafnium attacks seen in 2021.

The researchers found previously unseen patents on offensive technologies tied to Shanghai Firetech, SentinelLabs expert Dakota Cary said.

The findings suggest the company “serves other offensive missions not tied to the Hafnium cluster,” he said. (Jonathan Greig / The Record)

Related: SentinelLabs, Dark Reading

An organization chart for people and businesses known to be associated with Hafnium. Source: SentinelOne.

The SafePay ransomware gang is threatening to leak 3.5TB of data belonging to IT giant Ingram Micro, allegedly stolen from the company's compromised systems earlier this month.

Earlier this month, Ingram Micro also suffered a global outage caused by the SafePay ransomware attack, with employees told to work from home and the company's website and ordering systems taken offline.

However, the company has yet to confirm that SafePay ransomware was behind the breach and whether the attackers stole data from its compromised systems. (Sergiu Gatlan / Bleeping Computer)

Related: CSO Online, Cyber Daily, Computing, The Register

Ingram Micro entry on SafePay's leak site. Source: Bleeping Computer.

According to IBM's 2025 Cost of a Data Breach report, for the first time in five years, the average costs associated with a data breach globally have fallen, dropping to $4.4 million.

However, the costs of a breach in the US grew precipitously to more than $10 million.

Steeper regulatory penalties and the rising cost of detection systems drove the cost increases in the US.

The global average cost of a data breach fell from $4.88 million in 2024, a 9% decrease that now matches numbers seen in 2023. Globally, organizations are becoming faster at identifying breaches and containing them using automated tools. (Jonathan Greig / The Record)

Related: IBM, Cyberscoop, Security Week, Venture Beat, Network World, The Record, Channel Futures, WebProNews, BankInfoSecurity, The Register

Top data breach expenses by country. Source: IBM

The controversial automatic license plate reader (ALPR) company Flock Safety is preparing to roll out its network of surveillance cameras to schools.

School safety company Raptor Technologies says it will integrate Flock cameras into a product designed to enhance dismissal procedures.

The announcement comes as Atlanta-based Flock has drawn attention from privacy advocates and other groups in recent months.

In May, Texas authorities reportedly performed a nationwide search, combing through images from more than 83,000 Flock cameras to track down a woman they said had self-administered an abortion. The search allegedly included a probe of footage collected in states where abortion is legal.

A lawsuit filed by the nonprofit law firm the Institute for Justice contends that Flock “maintains a centralized database with over one billion license plate reads every month.” The lawsuit is seeking to force authorities in Norfolk, Virginia, to stop using Flock cameras.

About 4,500 law enforcement agencies and 1,000 businesses across the country have installed Flock cameras, which are used to track vehicles, including by allowing police to conduct nationwide searches of where they travel. (Suzanne Smalley / The Record)

Related: Raptor Technologies

The Python Software Foundation warned users that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website.

"PyPI has not been hacked, but users are being targeted by a phishing attack that attempts to trick them into logging in to a fake PyPI site. Over the past few days, users who have published projects on PyPI with their email in package metadata may have received an email titled '[PyPI] Email verification' from the email address noreply@pypj.org," the PyPI admin Mike Fiedler cautioned.

"This is not a security breach of PyPI itself, but rather a phishing attempt that exploits the trust users have in PyPI. The email instructs users to follow a link to verify their email address, which leads to a phishing site that looks like PyPI but is not the official site."

The attackers are harvesting user credentials, which will likely be used in future attacks to infect Python packages they've uploaded to PyPI with malware or to upload new malicious packages onto the platform. (Sergiu Gatlan / Bleeping Computer)
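The pypj.org sender domain described above is one character away from the real pypi.org, and the phishing link leads to a site that only looks like PyPI. As an added example (not code from the article, from Bleeping Computer or from the PyPI project), the Python script below shows one way a mail-filtering or SOC team could flag such messages: it pulls the sender domain from the From: header and every http(s) link out of the body, then scores each host against a short list of trusted domains using edit distance and a check for a trusted name buried inside an unrelated host. The headers, body and the TRUSTED_DOMAINS list are constructed for the example; the verification URL path and token are placeholders, not anything from the real campaign.

```python
"""Flag e-mail senders and links whose domain is a near-miss of a trusted domain.

Added example, not from the article or the PyPI project. Inputs below are
constructed; the only real-world value is the pypj.org lookalike the article names.
"""
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list of domains this organisation treats as genuine (example values).
TRUSTED_DOMAINS = {"pypi.org", "python.org"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: insertions, deletions and substitutions cost 1 each."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_domain(domain: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1):
    """Return (verdict, matched_trusted_domain_or_None) for one host name."""
    domain = domain.lower().strip().rstrip(".")
    if not domain:
        return ("unparseable", None)
    if domain in trusted:
        return ("trusted", domain)
    for t in trusted:
        if domain.endswith("." + t):
            return ("trusted-subdomain", t)      # e.g. mail.pypi.org
        if t in domain:
            return ("lookalike", t)             # e.g. pypi.org.evil-example.net
        if levenshtein(domain, t) <= max_distance:
            return ("lookalike", t)             # e.g. pypj.org vs pypi.org
    return ("unknown", None)


def sender_domain(from_header: str):
    """Extract the bare domain from a From: header, or None if there is no address."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS):
    domain = sender_domain(from_header)
    if domain is None:
        return ("unparseable", None)
    return classify_domain(domain, trusted)


def classify_urls(body: str, trusted=TRUSTED_DOMAINS):
    """Return [(url, verdict, matched_trusted_domain)] for every link in the body."""
    results = []
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        verdict, match = classify_domain(host, trusted)
        results.append((url, verdict, match))
    return results


# Constructed sample headers; only noreply@pypj.org mirrors the article.
SAMPLE_FROM_HEADERS = [
    "PyPI <noreply@pypi.org>",
    "PyPI <noreply@pypj.org>",
    "PyPI <noreply@pypi.org.evil-example.net>",
    "Alice <alice@example.com>",
]

# Constructed sample body; the path and token are placeholders, not real campaign data.
SAMPLE_BODY = (
    "Please verify your email address:\n"
    "https://pypj.org/account/verify?token=PLACEHOLDER\n"
    "Manage your projects at https://pypi.org/\n"
)


def scan_message(from_header: str, body: str):
    """Combine the sender verdict with the worst link verdict into one triage line."""
    sender = classify_sender(from_header)
    links = classify_urls(body)
    suspicious = sender[0] == "lookalike" or any(v == "lookalike" for _, v, _ in links)
    return {"sender": sender, "links": links, "suspicious": suspicious}


if __name__ == "__main__":
    for hdr in SAMPLE_FROM_HEADERS:
        print(f"{hdr!r:45} -> {classify_sender(hdr)}")
    print(scan_message(SAMPLE_FROM_HEADERS[1], SAMPLE_BODY))
```

The distance threshold of 1 is deliberately tight so that unrelated short domains are not swept up; the substring check catches the other common pattern, a genuine brand name used as a leading label of an attacker-controlled host. Either verdict is a triage signal for a human or a quarantine rule, not proof on its own.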

Related: The Python Package Index Blog, GBHackers, Cyber Security News, Security Affairs

Fake pypj[.]org site. Source: Bleeping Computer.

Dropbox has given users of its password manager until the end of October to extract their data before pulling the plug on the service.

The discontinuation of Dropbox Passwords will happen in phases. In less than a month, on August 28, Dropbox Passwords will become view-only in both the mobile app and browser extension, and the autofill functionality will be deactivated.

On September 11, the mobile app will stop working altogether, although data will remain accessible through the browser extension.

Finally, on October 28, Dropbox Passwords will be entirely discontinued. Users will lose access to all their data, and all saved usernames, passwords, and payment information will be "permanently and securely deleted."

Dropbox has recommended 1Password as a replacement. While the service is an adequate password manager, it is prone to the occasional glitch. Users will need to pay a subscription once 1Password's free trial ends. (Richard Speed / The Register)

Related: Dropbox Help Center, How-To Geek, Engadget, The Verge, The Sun, 9to5Mac, SlashGear, Neowin, Windows Report, Android Authority, TechRadar, WebProNews, Ghacks, CyberInsider, PCMag, Forbes, Slashdot

Discount retail giant Dollar Tree denied that its systems were impacted by ransomware after the cybercriminal operation Inc Ransomware claimed to have attacked the company.

A company spokesperson told Recorded Future News that it is aware of the claims but said they believe the group actually targeted 99 Cents Only Stores — another discount shopping chain that declared bankruptcy last year and has since shut down.

“The files referenced in these claims appear to involve former 99 Cents Only employees. Dollar Tree’s involvement with 99 Cents Only Stores is related to the purchase of select real estate lease rights following their closure,” the spokesperson said.

“We did not acquire their corporate entity, systems/network, or data. Any allegation of Dollar Tree’s involvement is inaccurate.”

Inc claimed on its leak site that it attacked Dollar Tree and exfiltrated 1.2 terabytes of sensitive and personal data.

The leak site post contains samples of the stolen data, including scans of passports, and quotes the Dollar Tree press release announcing its acquisition of 99 Cents Only leases.

Emails sent to accounts connected to 99 Cents Only Stores bounced back, and the company no longer has a website. (Jonathan Greig / The Record)

Related: HackRead, Cyber Daily

Cybersecurity startup Noma Security, which develops a platform for AI and agent security, announced it had raised $100 million in a Series B venture funding round.

Evolution Equity Partners led the round with participation from existing investors Ballistic Ventures and Glilot Capital Partners. (Meir Orbach / CTech)

Related: PR Newswire, Wall Street Journal

Cybersecurity startup Safe Security announced it had raised $70 million in a Series C venture funding round.

Avataar Ventures led the round with participation from Susquehanna Asia Venture Capital, NextEquity Partners, Prosperity7 Ventures, and existing backers including Eight Roads, John Chambers, and Sorenson Capital. (Navneet Singh / BW Disrupt)

Related: PR Newswire, The Economic Times, Entrackr

Cybersecurity company Legion announced that it had raised $38 million in seed and Series A venture funding rounds.

Accel and Picture Capital led the round with participation from Coatue and angel investors who work at companies including Google, CrowdStrike, and Wiz. (Alexandra Sternlicht / Fortune)

Related: Globes, SiliconANGLE, Security Week, Crowdfund Insider, CTech

API and agentic AI security company Wallarm announced it had raised $50 million in a Series C venture funding round.

Toba Capital led the round. (Eduard Kovacs / Security Week)

Related: PR Newswire

Eyal Ofer's O.G. Venture Partners led the round, with existing investors Lightspeed Venture Partners and Hetz Ventures also participating in the round alongside Vertex Growth. (Duncan Riley / Silicon Angle)

Related: Business Wire, CTech, Security Week, MSSP Alert, FinTech Global, Pulse 2.0

Dawnguard, a cybersecurity startup focused on intelligent, design-first security, has emerged from stealth with $3 million in pre-seed funding.

9900 Capital led the round with a group of angel investors, from scale-up founders to experienced CIOs and CISOs also participating. (CityBiz)

Related: Intelligent CIO, Tech Funding News, EU-Startups, Silicon Canals, TechEU

Best Thing of the Day: 'Superintelligence' is Code for 'Scared'

Tech journalism pioneer and venture capitalist Om Malik roasted Meta's Mark Zuckerberg for his memorandum on "Superintelligence," concluding that Zuckerberg always produces a "manifesto" when he's feeling insecure, this time about Meta's AI progress.

Worst Thing of the Day: Not a Single Trustworthy Entity in the Bunch

Leading US technology companies, including Amazon, Anthropic, Apple, Google, and OpenAI, have pledged to work with health systems and the Trump administration to make the nation’s fragmented medical data more useful for patients and providers.

Closing Thought