Ransomware Busts, AI Assistants, and Stealth Malware: Top Tech News for July 24, 2025

Top Tech Headlines for July 24, 2025

Today’s tech rundown is packed: ransomware gangs get busted, AI tools go live, and hackers are hiding behind everything from cute panda pics to WordPress plugins. Here’s what’s happening in cybersecurity and technology today.

BlackSuit Ransomware Sites Seized in Global Takedown

Authorities have shut down the leak sites of BlackSuit, a notorious ransomware operation that hit hundreds of organizations worldwide. Known for its data extortion tactics, BlackSuit's infrastructure was taken offline in “Operation Checkmate.” This is a major win in the ongoing war against cybercrime.

ChatGPT Agent Now Rolling Out to Plus Users

OpenAI has started rolling out the ChatGPT Agent to users subscribed to its $20/month Plus plan. The feature allows ChatGPT to perform proactive actions on your behalf—essentially becoming your digital assistant. The rollout will take a few days to reach everyone.

Koske Linux Malware Hiding in Panda JPEGs

A new Linux malware strain dubbed Koske is leveraging AI to embed itself in adorable panda images. The malware loads directly into memory, making it difficult to detect. Another reminder to think twice before opening even the cutest attachments.

Malware Found in Early Access Steam Game

An attacker tricked gamers by hiding info-stealing malware inside an indie Steam game. Going by the name EncryptHub, the hacker used early access as a Trojan horse. Gamers, as always, should stay cautious when downloading lesser-known titles.

Mitel Patches Critical Enterprise Phone Vulnerability

Mitel has pushed out critical security updates for its MiVoice MX-ONE platform after discovering an authentication bypass bug. The flaw allows attackers full access with no password required. Enterprises relying on MiVoice should patch immediately to avoid being compromised.

Dev Supply Chain Hit as Toptal GitHub Account Breached

Hackers accessed Toptal's GitHub and deployed ten malicious npm packages. This highlights ongoing supply chain risks in modern development workflows. Developers should double-check dependencies and audit package sources.

SonicWall Issues Emergency Patch for SMA 100 RCE Vulnerability

SonicWall has warned users of a critical flaw that could allow remote code execution in SMA 100 VPN devices. The vulnerability stems from an unauthenticated file upload bug. They’ve released a patch—admins should update immediately.

Chinese APT Group Deploys Warlock Ransomware on SharePoint

A hacking group known as Storm-2603 is actively exploiting vulnerabilities in Microsoft SharePoint to deploy the Warlock ransomware. Over 400 victims have reportedly been affected. Make sure all SharePoint servers are up to date.

Brave Browser Blocks Windows Recall From Spying

Privacy-first browser Brave will now block Microsoft's Windows Recall feature from screenshotting browser windows. With growing concerns over surveillance-style features built into OSs, this move is a win for personal privacy online.

Telecoms Move AI from Buzzword to Backend Strategy

According to GSMA Intelligence, 2025 is the year telecom providers finally put artificial intelligence to work, automating network management and improving user experience. This signals a broader trend of AI becoming functionally embedded in telecom infrastructure.

Goldman Sachs and BNY Mellon Tokenize Money Market Funds

Big banks are going blockchain. Goldman Sachs and BNY Mellon have allowed institutional clients to buy tokenized money market funds, modernizing cash management for the digital age. This could change how traditional banking meets decentralized tech.

CastleLoader Malware Spreads via GitHub, ClickFix Campaign

The CastleLoader campaign compromised nearly 500 devices using fake GitHub repos and a phishing framework called ClickFix. It's part of a growing trend toward using developer tools and targeted lures in malware delivery.

Fire Ant Attackers Exploit VMware ESXi and vCenter

The Fire Ant group is exploiting VMware vulnerabilities to gain persistent access to isolated networks. Admins should review patch levels on ESXi and vCenter environments ASAP to avoid silent breaches.

Sophos and SonicWall Patch Firewalls Against RCE Threats

Both Sophos and SonicWall have issued critical updates addressing remote code execution flaws in their firewall devices. If you're running affected models, apply the updates to maintain your security perimeter.

Permanently Embedded Backdoors Found in WordPress Mu-Plugins

Hackers are using WordPress mu-plugins to install stealthy backdoors, allowing them to retain admin-level access without detection. If you're running WordPress, it's time for an audit—especially if you use multisite plugins.

Cybercrime Forum Admin Arrested in Ukraine

After 12 years on the run, the admin of the infamous XSS.is cybercrime forum was arrested in Kyiv by Europol. The forum had more than 50,000 users and was a key hub for black-market exploits and data. It's a major victory for international law enforcement.

Chinese APTs Use Fake Dalai Lama Apps for Espionage

China-linked hackers deployed spyware disguised as Dalai Lama birthday celebration apps to infiltrate devices used by Tibetan activists. This campaign highlights the ongoing use of mobile spyware to target vulnerable communities.

Build an Offensive SOC, Say Goodbye to Annual Pentests

Security experts are advocating for ongoing testing and offensive strategies over traditional once-a-year pentests. Platforms like Picus have cut vulnerabilities by 50% using continuous validation techniques. It’s time to think of cybersecurity as a daily operation, not a compliance checkbox.

Explore Emerging Identity and AI Risks in New Webinar

Auth0 has released a webinar exploring 2025’s biggest identity trends, from AI-based logins to trust issues in digital systems. It’s a must-see for IT pros looking to stay ahead of potential identity threats.
