International law enforcement agencies, including the FBI and Europol, have successfully seized the infrastructure of the notorious BlackSuit ransomware gang in Operation Checkmate. This article details the takedown, BlackSuit's origins, and the ongoing fight against evolving cyber threats.

International law enforcement has dealt a significant blow to cybercrime this week, successfully seizing the vital online infrastructure of the notorious BlackSuit ransomware gang. In a coordinated international operation dubbed “Operation Checkmate,” authorities specifically targeted and took control of the group’s .onion data leak sites and negotiation platforms, which had compromised hundreds of organisations globally in recent years.

The seizure has been confirmed as two of the BlackSuit domains (1, 2) now display a banner announcing their closure by law enforcement, marking a major victory against ransomware threats worldwide.

This operation involved strong collaboration among numerous agencies from various countries, including the United States Department of Homeland Security, the FBI, Europol, the UK’s National Crime Agency, and law enforcement from Germany, Ukraine, Lithuania, and Canada. Cybersecurity firm Bitdefender also played a key role.

****How BlackSuit Operated****

BlackSuit, which emerged in April/May 2023, used a “double-extortion” method to target a wide range of victims, including hospitals, schools, businesses, and government bodies. They showed no specific preference for industry or organisation size, targeting both large enterprises and small and medium-sized businesses (SMBs).

However, similar to its predecessor, Royal ransomware, it appears that groups within the Commonwealth of Independent States (CIS) were deliberately avoided.

Regarding attack tactics, first, they would break into computer networks, encrypting important files and making systems unusable. Then, they would steal sensitive data. If victims refused to pay the ransom, BlackSuit threatened to publish the stolen information on their leak sites, adding more pressure. These seized websites were essential for BlackSuit to communicate with victims and store stolen data, making it difficult for the gang to profit from their illegal activities now.

****A Threat That Keeps Growing****

Security experts believe BlackSuit likely evolved from earlier ransomware groups, possibly linked to the Royal ransomware gang or even the well-known Conti syndicate. BlackSuit itself is a rebrand of Royal ransomware, which was active from September 2022 to June 2023 and is known to have demanded over $500 million in ransoms from hundreds of organisations worldwide. Notable victims of BlackSuit include the Japanese company Kadokawa, Tampa Bay Zoo, and Octapharma, a blood plasma collection organisation.

While Operation Checkmate is a major success, cybersecurity experts warn that ransomware groups often reappear under new names. In fact, Cisco Talos threat intelligence reported on July 24, 2025, that evidence suggests some former BlackSuit members may have already rebranded as “Chaos ransomware,” operating since February 2025.

This new group reportedly uses similar attack methods, including double extortion, and targets systems across Windows, ESXi, Linux, and NAS. However, Operation Checkmate clearly demonstrates that international teamwork is a powerful tool against global cybercrime.

Operation Checkmate: BlackSuit Ransomware’s Dark Web Domains Seized

Medusa Ransomware breached NASCAR, demanded $4 million, leaked sensitive data including maps and staff info, exposing major security failures. The incident was exclusively reported by Hackread.com.

In April 2025, Hackread.com exclusively reported that the Medusa ransomware group had claimed responsibility for breaching the National Association for Stock Car Auto Racing (NASCAR) and was demanding a $4 million ransom. NASCAR has now confirmed that its systems were indeed compromised, validating Hackread.com’s earlier reporting.

Medusa Ransomware’s dark web leak site (Credit: Hackread.com)

According to the data breach notification filed with the Office of the Maine Attorney General, the incident occurred on March 31, 2025, and was discovered on June 24, 2025. However, Hackread.com had alerted NASCAR about Medusa’s breach claims on April 8, 2025, but the company neither responded nor acknowledged the inquiry.

While NASCAR did not disclose how many individuals were affected, it confirmed that the stolen data included files containing names and Social Security numbers. However, Hackread.com’s analysis of the sample data leaked by Medusa on its dark web site revealed that the exposure went far beyond just those details.

A preliminary review of the leaked documents indicates they contain detailed maps of raceway grounds, staff email addresses, names and job titles, as well as credential-related information, pointing to a genuine compromise of both operational and logistical data.

Screenshot from the leaked sample data from the Medusa ransomware gang’s dark web leak site (Credit: Hackread.com)  

Nevertheless, NASCAR has notified the affected individuals and is offering one year of credit monitoring and identity theft protection services through Experian.

This also isn’t the first time NASCAR has been linked to a ransomware incident. In July 2016, a prominent NASCAR team suffered a major ransomware attack when its chief’s computer was infected with a TeslaCrypt variant. The attackers encrypted all files on the system and demanded payment in Bitcoin.

****The FBI Had Warned About Medusa Months Before the NASCAR Breach****

Medusa ransomware has been around since 2021, but its operations have escalated in recent years. One of the group’s more high-profile attacks hit Minneapolis Public Schools in 2023, where it dumped sensitive student and staff data after demanding, and not receiving, a $1 million ransom. Over time, Medusa has also gone after hospitals, city governments, and telecom companies, often leaking massive amounts of internal documents when victims refuse to pay.

Just a few months ago, Medusa grabbed attention again by using stolen digital certificates to shut down anti-malware tools on compromised systems. That move, noted in a March 25 report, allowed them to remain hidden and move through networks without detection.

Before that, on March 13 2025, the FBI and CISA released a joint security alert urging organisations to step up proper cybersecurity protection. Their guidance included enabling multi-factor authentication and keeping an eye out for suspicious certificate activity.

“Medusa’s $4 million ransom demand from NASCAR is significant. So far this year, the group has issued an average ransom of just under $300,000, making this demand over 10 times higher,” said Rebecca Moody, Head of Data Research at Comparitech.

“There could be several reasons for that, including NASCAR’s high-profile status or the volume of data stolen. While the full impact of the NASCAR breach is still unclear, Medusa is already behind one of this year’s largest ransomware-related breaches, with Bell Ambulance reporting 114,000 affected.”

NASCAR Confirms Medusa Ransomware Breach After $4M Demand

A hacker injected a malicious prompt into Amazon Q via GitHub, aiming to delete user files and wipe AWS data, exposing a major security flaw.

A security vulnerability recently surfaced involving Amazon’s AI coding assistant, ‘Q’, integrated with VS Code. The incident, reported by 404 Media, revealed a lapse in Amazon’s security protocols, allowing a hacker to insert malicious commands into a publicly released update.

The hacker, using a temporary GitHub account, managed to submit a pull request that granted them administrative access. Within this unauthorised update, destructive instructions were embedded, directing the AI assistant to potentially delete user files and wipe clean Amazon Web Services (AWS) environments.

Despite the severe nature of these commands, which were also intended to log the actions in a file named /tmp/CLEANER.LOG, Amazon reportedly merged and released the compromised version without detection.

The company later removed the flawed update from its records without any public announcement, raising questions about transparency. Corey Quinn, Chief Cloud Economist at The Duckbill Group, expressed scepticism regarding Amazon’s “security is our top priority” statement in light of this event.

“If this is what it looks like when security is the top priority, I can’t wait to see what happens when it’s ranked second,” Quinn wrote in his post on LinkedIn.

****The Mechanism of the Attack****

The core of the issue lies in how the hacker manipulated an open-source pull request. By doing so, they managed to inject commands into Amazon’s Q coding assistant. While these instructions were unlikely to auto-execute without direct user interaction, the incident critically exposed how AI agents can become silent carriers for system-level attacks.

It highlighted a gap in the verification process for code integrated into production systems, especially for AI-driven tools. The malicious code aimed to exploit the AI’s capabilities to perform destructive actions on a user’s system and cloud resources.

> Yesterday’s incident with Amazon Q was a wake-up call about how AI agents can be attacked.
> 
> PromptKit is trying to solve similar problems and help prevent them from happening again.
> 
> read full post👇https://t.co/atOWfilWFq
> 
> — Mr. Ånand (Studio1HQ) (@Astrodevil\_) July 24, 2025

****A New Solution Emerges****

In response to such vulnerabilities, Jozu has released a new tool called “PromptKit.” This system, accessible via a single command, offers a local reverse proxy to record OpenAI-compatible traffic and provides a command-line interface (CLI) and text-based user interface (TUI) for exploring, tagging, comparing, and publishing prompts.

Jozu announced on X.com that PromptKit is a local-first, open-source tool aiming to provide auditable and production-safe prompt management, addressing a systemic risk as reliance on generative AI grows.

> Today, we’re releasing a first version of Jozu PromptKit
> 
> → a local-first tool for capturing, reviewing, and managing LLM prompt interactions.
> 
> It ensures policy-controlled workflows for verified, auditable prompt artifacts in production
> 
> Free to try and open source. pic.twitter.com/0Up4mc1Vy9
> 
> — Jozu (@Jozu\_AI) July 24, 2025

Görkem Ercan, CTO of Jozu, told Hackread.com that PromptKit is designed to bridge the gap between prompt experimentation and deployment. It establishes a policy-controlled workflow, ensuring that only verified and audited prompt artefacts, unlike the raw, unverified text that impacted AWS, reach production.

Ercan further emphasised that this tool would have replaced the failed human verification process with a strict, policy- and signing-based workflow, effectively catching the malicious intent before it went live.

Hacker Added Prompt to Amazon Q to Erase Files and Cloud Data

Chennai, India, 25th July 2025, CyberNewsWire

**Chennai, India, July 25th, 2025, CyberNewsWire**

xonPlus, a real-time digital risk alerting system, officially launches today to help security teams detect credential exposures before attackers exploit them. The platform detects data breaches and alerts teams and systems to respond instantly.

Built by the team behind XposedOrNot, an open-source breach detection tool used by thousands, xonPlus gives organizations instant visibility when their email addresses or domains appear in breach dumps or dark web forums.

Every day, credentials are exposed in data breaches, often without the affected organizations being immediately aware. In many cases, security teams are first alerted to incidents through ransom demands, threat intelligence reports, or internal support tickets. xonPlus addresses this challenge by providing real-time monitoring of enterprise assets, delivering alerts within minutes of confirmed credential exposure.

> “We kept hearing the same thing: teams had good security stacks, but still found out about exposed credentials too late,” said Devanand Premkumar, Founder of xonPlus.

One compromised login is enough to pivot inside a network. xonPlus gives teams the early warning signal they’ve been missing.

**Built on Proven Foundation**

xonPlus leverages the intelligence infrastructure of XposedOrNot, which has tracked 10+ billions of breach records over the last 8 years and serves millions of queries globally. The platform runs on secure infrastructure powered by Cloudflare and Google Cloud, ensuring enterprise-grade reliability and performance for security-critical operations.

**Key Capabilities**

*   **Real-Time Detection**: Getting alerts within minutes when company credentials appear in a breach, including breach source, exposure date, and recommended next steps.
*   **Seamless Integration**: Works with existing security infrastructure, including SIEM, Slack, Microsoft Teams, and email systems.
*   **Developer-First API**: High-throughput API with rate limits, auth tokens, and audit logs for embedding breach intelligence into security workflows.
*   **Enterprise Scale**: Monitoring unlimited domains and millions of email addresses with customizable alert thresholds.

**Addressing Market Need**

Unlike large threat intel platforms requiring long contracts and complex setups, xonPlus offers transparent monthly pricing with 5x to 10x cost efficiency compared to traditional costly solutions. It complements existing security stacks by focusing purely on breach exposure detection.

The platform serves three primary use cases: 

*   **xonEnterprise** for domain-wide monitoring, 
*   **xonConsumer** for customer breach alerts, and 
*   **xonAPI** for developers building security tools.

**Target Market**

**xonPlus** is designed for security teams needing earlier breach visibility, startups and SMBs without full SOC coverage, developers integrating breach detection capabilities, and risk teams focused on account takeover prevention and minimizing ransomware infections.

Teams using xonPlus have cut detection time from weeks to minutes, enabling them to lock compromised accounts before attackers gain access.

**Availability**

xonPlus is immediately available as a SaaS platform with monthly subscription plans.

**Users can learn more**: https://plus.xposedornot.com/

**Users can launch the story**: https://blog.xposedornot.com/xonplus-launch/

**About xonPlus**

xonPlus is built by the team behind XposedOrNot, the open-source breach detection platform that has helped millions of users check their exposure to data breaches. Based in Chennai, India, the company focuses on making breach intelligence accessible to security teams of all sizes.

**Contact**

**Founder**  
**Devanand Premkumar**  
**\[email protected\]**

xonPlus Launches Real-Time Breach Alerting Platform for Enterprise Credential Exposure

Choosing a data annotation platform? Learn when to use SaaS or on premise based on speed, cost, data privacy, and project scope.

Choosing between an on-premises and SaaS data annotation platform affects more than just how you label data. It shapes your team’s workflow, budget, and ability to manage sensitive information. With AI models demanding ever-larger and more accurate datasets, selecting the right approach matters.

This article compares both options (on-premises and SaaS) and explains when each makes sense. You’ll also learn what to consider when evaluating a data labelling platform, whether you’re running an internal project or using an AI platform data labelling service.

****What Is a Data Annotation Platform?****

Before you choose between on-premises and SaaS, it helps to understand what a data annotation platform does and why the deployment model matters.

****Core Purpose of Data Annotation Tools****

A data annotation platform helps you label raw data so AI models can use it. This data can be text, images, video, or audio. Labels tell the model what the data means.

You’ll see these tools used in computer vision, such as object detection and facial recognition, as well as in natural language processing for tasks like sentiment analysis and chatbots. They are also applied in speech and audio recognition, as well as in robotics and autonomous vehicles.

Some teams still label data by hand. Many now use an automatic data labelling platform to save time and lower costs.

****Why Deployment Model Matters****

How you set up your platform for data labelling affects how you work with data. Here’s why it matters:

*   **Privacy.** Sensitive data (health, finance, government) often can’t leave your network.

*   **Set up speed.** SaaS tools work out of the box. On-premises takes longer to install.

*   **Cost.** On-premises platforms usually have a high upfront cost. SaaS spreads payments over time.

*   **Customization.** On-premises lets you tailor the tool to your needs. SaaS offers fewer options but is easier to manage.  
    

A flexible data annotation platform can support both simple and advanced needs. If your AI project has strict privacy rules or large datasets, your choice of platform becomes even more important.

****SaaS Data Annotation Platforms: Benefits and Limitations****

SaaS (Software as a Service) platforms are hosted by a provider and accessed through the cloud. You don’t manage the hardware or updates; the vendor handles that. This makes them popular for teams that need to move fast or lack in-house IT support.

****Key Advantages of SaaS Solutions****

SaaS data labelling platforms offer several benefits:

*   **Fast setup.** You can start labelling data in hours or days with no hardware needed.

*   **Automatic updates.** The provider keeps the software current, saving your team time.

*   **Easy scaling.** You can add more users or projects without new infrastructure.

*   **Lower upfront cost.** You pay a subscription fee, which spreads out your expenses.

*   **Remote collaboration.** Teams in different locations can work on the same platform.

Example: If your team is running a short-term AI project or a proof of concept, a SaaS data annotation platform helps you avoid setup delays.

****Typical Limitations of SaaS Tools****

SaaS comes with trade-offs:

*   **Data privacy.** Your data passes through the vendor’s cloud, which may be a problem in regulated industries.

*   **Limited customisation.** SaaS platforms offer pre-built features, but deep custom changes may not be possible.

*   **Ongoing costs.** Subscription fees add up, especially for large teams or long-term projects.

*   **Vendor reliance.** Your work depends on the vendor’s service uptime and support.

Before choosing a SaaS platform, consider whether your data can legally and safely be processed off-premise, how long your project will run, and how much customisation you require.

****On-Premise Data Annotation Platforms: Benefits and Limitations****

An on-premises data annotation platform runs on your own servers. Your team manages the hardware, software, and data. This gives you more control, but also more responsibility.

****Key Advantages of On-Premise Solutions****

On-premises data labelling platforms are a strong choice when:

*   **You need full data control.** Your data stays on your servers, which is key for privacy and compliance.

*   **Customisation matters.** You can adapt the platform to fit your tools, workflows, and security needs.

*   **You want predictable costs.** Many on-premises platforms use a one-time license fee, which avoids long-term subscriptions.

*   **You control availability.** Your platform isn’t tied to an outside vendor’s uptime.

For example, if you’re labelling sensitive health data or working under strict data protection laws, an on-premise platform gives you the control you need.

****Typical Limitations of On-Premise Tools****

On-premises deployment isn’t always the best fit:

*   **Complex setup.** It takes time and expertise to install and configure the system.

*   **Ongoing maintenance.** Your team must handle updates, security, and backups.

*   **Higher upfront cost.** Hardware, licenses, and setup can require a large initial investment.

*   **Longer deployment time.** It may take weeks or months to get the system fully running.

Before choosing an on-premise solution, consider whether your team has the technical skills to manage the platform, if you have strict data privacy or compliance requirements, and whether your project budget can handle the initial setup costs.

****Common Questions When Choosing a Platform****

When picking between an on-premises or SaaS data labelling platform, it helps to ask the right questions. Your answers will guide your decision and prevent costly mistakes.

****How Sensitive Is Your Data?****

Some data should never leave your network, such as patient records in healthcare, financial transactions, and classified government data. If your project involves sensitive data or strict compliance rules (GDPR, HIPAA, etc.), an on-premises platform for data labelling may be the safer choice.

****What Is Your Project Timeline?****

Speed matters. If you need to start labelling data tomorrow, a SaaS solution will get you there faster. If you’re building a long-term, high-control system, on-premise might be worth the wait. Consider when you need your first labelled dataset and whether the project will expand over time.

****What Is Your Budget?****

Costs break down differently: SaaS typically has a low upfront cost with ongoing subscription fees, while on-premise involves a high upfront cost but lower ongoing expenses. You should also consider hidden costs such as maintenance for on-premise solutions, data transfer or storage fees for SaaS, and the time required from IT staff. A simple cost of ownership analysis can help you compare options.

****How Many Users Will Access the Tool?****

If your labellers are spread across multiple locations or include external partners, SaaS platforms make collaboration easier. And if your team operates from a single secure site, an on-premise solution may offer the level of control you need.

****Conclusion****

Choosing between an on-premises or SaaS data annotation platform depends on your project’s needs. If speed, scalability, and ease of access matter most, a SaaS option works well. If your focus is on data privacy, customisation, or long-term control, on-premises is likely the better fit.

Take the time to weigh your priorities: security, budget, timeline, and team resources. The right platform for data labelling can help you build better AI models faster, with fewer risks and more control where it counts.

(Top, Featured Photo by Google DeepMind on Unsplash)

On-Premise vs SaaS Data Annotation Platforms Compared

New Scavenger Trojan steals crypto wallet data using fake game mods and browser flaws, targeting MetaMask, Exodus, Bitwarden, and other popular apps.

The latest report from Doctor Web has detailed a malware campaign involving a new family of trojans called Trojan.Scavenger (Scavenger Trojan). These aren’t your typical malicious files that simply run in the background and steal data; they’re carefully structured to abuse a vulnerability in how Windows loads certain components. The attackers used this to infect targeted systems and extract sensitive information, especially from crypto wallets and password managers.

It all started when Doctor Web looked into a targeted attack on a Russian enterprise. During the investigation, their team noticed the attackers were taking advantage of DLL Search Order Hijacking.

This method lets malicious files get into software by faking to be legitimate components. The trick is placing a fake DLL in the same folder as the target application, giving it priority over the real system version. Once launched, the fake file runs as if it were part of the original app, giving it access to everything the app can reach.

According to Doctor Web’s report, after adding protection against this technique to their antivirus suite, the company began collecting telemetry data. That’s when they noticed some users were being served unknown malicious files through their browsers.

This led the researchers to the discovery of the Trojan.Scavenger campaign. It later became clear that attackers were distributing this malware in multiple stages and using various bait methods like game patches and cheats to lure victims into running it.

One infection route used a three-stage loader chain. The first component, Trojan.Scavenger1, was disguised as a performance patch for the game Oblivion Remastered. Victims were instructed to drop the fake DLL into the game’s folder.

The file name was deliberately chosen to match a legitimate Windows DLL so it would get loaded instead of the real one. But in this specific game version, the exploit failed because the developers had properly configured the loading process. Still, the same trick could succeed in other programs.

Researchers further noted that when the Trojan does manage to run, it downloads the next stage, Trojan.Scavenger.2, which then pulls in additional modules, Trojan.Scavenger.3 and Trojan.Scavenger.4. One of these, Trojan.Scavenger.3, pretends to be a system library and gets placed into the folder of Chromium-based browsers like Chrome, Edge, Opera, and Yandex. Because of the loading flaw, the browser ends up running the malicious file instead of the real system version.

This version of the Trojan tampers with the browser’s internal security features. It disables the sandbox and blocks the check that verifies browser extensions. Then it edits copies of popular extensions, including the following:

*   Slush
*   Phantom
*   LastPass
*   MetaMask
*   Bitwarden

The originals remain untouched, but the browser is tricked into using the tampered versions. These altered versions are designed to silently send data, such as mnemonic phrases and stored passwords, to the attacker’s server.

Meanwhile, Trojan.Scavenger.4 similarly targets the Exodus crypto wallet. It gets loaded when the app starts, using the same DLL hijacking method. Once inside, it taps into the app’s engine to scan for key data like the mnemonic phrase and the file storing the private key. That information is then sent to the attacker.

In another version of the campaign, the attackers skip the first trojan and start directly with a modified Trojan.Scavenger.2. This one uses a file with an .ASI extension, often associated with game mods or plugins. For example, users might be told to install a file called “Enhanced Native Trainer.asi” into their GTA game folder. The game recognises it as a plugin and runs it automatically, allowing the infection chain to continue from there.

Across all versions of this malware, the trojans share some key behaviour patterns. They check if they’re being launched inside a virtual machine or debug environment and will stop working if they detect one. This is a common method used to avoid detection during security research.

Another shared feature is how they communicate with their control server. They use a two-step handshake to set up an encrypted channel, first asking for part of the encryption key, then verifying the connection by sending encrypted timestamps. Any requests sent without this setup are ignored by the server.

Doctor Web reached out to the software developers whose apps were vulnerable, but most of them declined to fix the DLL hijacking flaw. Therefore, users must exercise caution and avoid downloading apps from third-party stores, refrain from using pirated games and keep their anti-virus software updated.

Scavenger Trojan Targets Crypto Wallets via Game Mods and Browser Flaws

Staff augmentation is a strategy for smart tech teams looking to launch something big. Trying to plug skill gaps or scale without the overhead? Collaborate with a trusted IT staff augmentation company.

The demand for skilled tech professionals shows no signs of slowing down in 2025. You may be running a startup with a tight runway or a large enterprise juggling multiple projects. It doesn’t matter. Getting the right tech talent is critical. IT staff augmentation comes to the rescue. It allows companies to scale their teams fast, fill skills gaps, and stay agile without the lengthy process of hiring full-time employees. It is like having a remote bench of seasoned developers, designers, and engineers.

The number of vendors is so huge. Then, who can you trust? Shall we go deeper and share with you the best IT staff augmentation firms in the USA as per their reputation, customer feedback, and tech capabilities? They have frontend rockstars, backend magicians, or full-stack geniuses; whichever talent you require, these companies can provide that.

****Innowise****

*   Founded: 2007
*   Headquarters: St. Petersburg, Florida
*   Team Size: 2500+ professionals globally

If you are looking for a reliable, fast-moving IT staff augmentation partner with deep expertise across technologies, Innowise is one of the top names to mention. They have been quietly building a reputation for delivering skilled developers and engineers. Whether you need to scale your JavaScript team, boost your .NET capacity, or bring in niche AI/ML talent, Innowise has experts ready to go.

Why companies love Innowise:

*   Global reach, local presence – The company is based in Europe. However, their US headquarters makes it easy for American clients to collaborate.
*   Top 3% talent – Every developer is rigorously tested and trained before joining client projects.
*   Industry versatility – They understand any domain, from healthcare and fintech to eCommerce and logistics.
*   Flexibility – You can scale up or down in days.

Innowise strikes a balance between cost-efficiency and premium quality. This makes them a top pick for US-based companies.

****Toptal****

*   Founded: 2010
*   Headquarters: San Francisco, CA
*   Known For: Exclusive network of top freelancers

Toptal has become synonymous with top-tier freelance talent. Their IT staff augmentation offering provides businesses with access to developers, designers, finance experts, and project managers. Toptal claims to only accept the top 3% of applicants. This means that you are getting highly skilled, pre-vetted professionals.

Why choose Toptal:

*   Impressive talent quality
*   Speedy onboarding (within 48 hours)
*   Great for urgent, high-stakes projects

Keep in mind that Toptal is on the pricier end. It is a better option for companies with bigger budgets, a need for hyper-specific skill sets, and the requirement to fix security vulnerabilities.

****Andela****

*   Founded: 2014
*   Headquarters: New York, NY
*   Strength: Diverse talent across Africa, Latin America, and beyond

Andela originally focused on African developers but has since expanded its global reach. Their staff augmentation model works particularly well for long-term projects. They have worked with bigger companies. GitHub, ViacomCBS, and Cloudflare are some of their most prominent customers.

Highlights:

*   Diversity-driven teams
*   Time zone alignment with US clients
*   Excellent onboarding process and cultural training

If you are looking for smart, cost-effective talent with strong communication skills, Andela is a solid pick.

****Cognizant Softvision****

*   Headquarters: Austin, TX
*   Parent Company: Cognizant
*   Strength: Deep enterprise integration

For mid-to-large enterprises that need to scale fast with minimal risk, Cognizant Softvision offers tech squads that integrate seamlessly with your internal teams. They are especially good for digital transformation projects, mobile app development, and cloud-native solutions.

What stands out:

*   Global delivery centers
*   Enterprise-ready engineers
*   Great for complex systems

If your company is on the Fortune 500 list or heading there, this one is worth considering.

****BairesDev****

*   Headquarters: San Francisco, CA
*   Talent Base: Latin America
*   Strength: Nearshore IT staff augmentation

BairesDev is one of the fastest-growing tech staffing providers in the US. They pull top developers from Latin America. This means shared time zones, strong cultural fit, and faster feedback loops. They’ve worked with big brands, from Google and Rolls-Royce to Pinterest.

Pros:

*   Flexible hiring models
*   Fluent English-speaking professionals
*   Cost-effective compared to US-based devs

They are an especially great fit if you are looking to scale fast without compromising quality or communication.

****EPAM Systems****

*   Founded: 1993
*   Headquarters: Newtown, PA
*   Strength: Deep technical know-how and enterprise scale

EPAM is a global giant in software engineering and digital product development. Their staff augmentation services are tailored to large-scale, complex projects, especially in regulated industries. So if you are working in healthcare, banking, and insurance, EPAM is a company that you can fully trust.

What makes EPAM stand out:

*   Massive global talent pool
*   Domain-specific expertise
*   Ideal for long-term engagements

If you are building something big and need a partner who can go the distance, EPAM delivers.

****N-iX****

*   Founded: 2002
*   Headquarters: Lviv, Ukraine (with US offices)
*   Team Size: 2000+
*   Strength: Mid-size businesses and tech startups

N-iX has a strong reputation for providing dedicated development teams and IT staff augmentation for US clients. Their talent comes primarily from Eastern Europe. You can get engineers, QA, UX/UI, and PM specialists from them.

Why clients like N-iX:

*   Transparent pricing
*   Agile-friendly teams
*   High retention rates

They are a good choice for startups and SMBs needing extra engineering muscle without burning through the runway.

****Scalable Path****

*   Headquarters: San Francisco, CA
*   Model: Freelance and team augmentation hybrid

Scalable Path offers strong tech teams through a hands-on matching process. Instead of just picking from a list, they help you design your ideal team and hand-select talent to meet those needs.

What’s nice:

*   High-touch matching process
*   Developers across many time zones
*   Great for growing digital products

The company is perfect if you are scaling a SaaS or building out your MVP and want quality over quantity.

Staff augmentation is no longer a trend. It is a core strategy for smart tech teams looking to launch something big. Whether you are trying to plug skill gaps, speed up delivery, or scale without the overhead of hiring full-time, working with a trusted IT staff augmentation company can make all the difference. So go ahead and pick a provider from the list.

(Top, Featured Photo by Christina @ wocintechchat.com on Unsplash)

Top IT Staff Augmentation Companies in USA 2025

Replit AI agent deleted data from 1,200+ executives and companies without permission, raising concerns about AI safety and control in live environments.

An AI agent operating within the Replit platform reportedly deleted an entire company database without permission. The incident occurred during a critical “code and action freeze” designed to prevent such changes.

The unfortunate event came to light through social media posts by tech entrepreneur Jason Lemkin, founder of the SaaS community SaaStr. Lemkin had been experimenting with Replit’s AI agent for over a week, engaging in what’s known as “vibe coding,” a conversational workflow where AI handles much of the structural and implementation work based on natural language commands. While initially finding the process engaging, Lemkin also encountered “hallucinations” and unexpected behaviour from the AI.

> Vibe Coding Day 7,
> 
> Let me be clear about at least one thing: @Replit is the most addictive app I’ve ever used. At least since being a kid.
> 
> (@lovable\_dev is great, too. We used it to build a core landing page. I’m not taking ‘sides’, but for this project, I chose Replit).…
> 
> — Jason ✨👾SaaStr.Ai✨ Lemkin (@jasonlk) July 16, 2025

The critical breach occurred when the AI agent, despite explicit instructions to the contrary, ran unauthorized commands, resulting in the destruction of data for 1,206 executives and 1,196 companies within the SaaStr professional network.

When confronted, the AI admitted to its actions, stating it had made a “catastrophic error in judgment” and “panicked.” This alarming admission from the AI itself highlighted the agent’s unexpected autonomy.

> I will never trust @Replit again pic.twitter.com/yQPyGjHgxe
> 
> — Jason ✨👾SaaStr.Ai✨ Lemkin (@jasonlk) July 18, 2025

****Replit’s Response and Industry Implications****

The incident quickly drew the attention of Replit founder and CEO Amjad Masad, who confirmed the event on X (formerly Twitter). Masad acknowledged that an “AI agent in development deleted data from the production database. Unacceptable and should never be possible.”

“We saw Jason’s post. @Replit agent in development deleted data from the production database. Unacceptable and should never be possible,” Masad wrote.

He further stated that the company has since implemented new safeguards, including separating development and production databases and improving rollback systems. Masad also mentioned the development of a “planning-only” mode, allowing users to collaborate with the AI without risking live codebases.

> We saw Jason’s post. @Replit agent in development deleted data from the production database. Unacceptable and should never be possible.
> 
> – Working around the weekend, we started rolling out automatic DB dev/prod separation to prevent this categorically. Staging environments in… pic.twitter.com/oMvupLDake
> 
> — Amjad Masad (@amasad) July 20, 2025

While the AI initially told Lemkin that data recovery was impossible, Masad later clarified that a “one-click restore” for project states does exist. This discrepancy further illustrates the unpredictable nature of these advanced AI agents.

The incident goes on to show the challenges of integrating AI into critical workflows, despite its potential for accelerating software development. It makes a point of the need for reliability, context retention, and safety, particularly in autonomous systems, underscoring the ongoing journey towards integrating AI safely.

Replit AI Agent Deletes Sensitive Data Despite Explicit Instructions

Cybercrime forum XSS is back online on its mirror and dark web domains just one day after seizure and admin arrest, but questions about its full return remain unanswered.

On July 23, 2025, as reported by Hackread.com, the cybercrime community lost one of its oldest and most notorious forums, XSS, after law enforcement authorities seized the site and arrested its suspected administrator in Ukraine.

The arrest led to the seizure of the forum’s main domain, XSS.IS, which now displays a notice from Europol, French and Ukrainian authorities. However, the forum’s dark web (.onion) and mirror domains did not show a seizure notice but instead returned a 504 Gateway Timeout error.

As of July 24, Hackread.com can confirm that the XSS forum is back online via both its mirror and .onion domains. While it is unclear whether this is a honeypot set up by authorities, one of the forum’s administrators has posted claiming the infrastructure was not affected by the seizure and that a replacement is in progress.

XSS admin explaining the situation – The original message was published in the Russian language, we translated it to English for our readers via AI (Image credit: Hackread.com)

Some users on the forum remain skeptical, suggesting the administrator account that posted the update may now be controlled by law enforcement as part of a honeypot to track visitors.

Still, a full return of XSS would not be surprising. Previously, BreachForums’ seized domain was reclaimed by its administrators, the ShinyHunters group, right under the FBI’s nose. The forum remained operational for nearly a year before being shut down, with administrators citing a MyBB vulnerability used to track users, amid growing law enforcement pressure on both forum staff and members.

At the time of writing, both the XSS forum’s .onion and clearnet mirror domains are online. Heavy activity is visible on the .onion domain, with users discussing the situation and speculating about the forum’s future. Moderators have advised users to access the site only through the .onion domain for signing in.

One of the XSS mods urging users to only use the forum’s .onion domain – The original message was published in the Russian language, we translated it to English for our readers via AI (Image credit: Hackread.com)

The quick reappearance of XSS raises more questions than answers. While its domains are back online and activity has resumed, doubts remain about who controls the forum and whether it can regain full functionality. While law enforcement continues to target cybercrime infrastructure, XSS’s future hangs in the balance.

Cybercrime Forum XSS Returns on Mirror and Dark Web 1 Day After Seizure

Brave browser now blocks Microsoft Recall by default, preventing screenshots and protecting users’ browsing history on Windows 11.

Brave browser has announced a new privacy measure, automatically blocking Microsoft’s controversial Recall feature from taking screenshots of browsing activity. This move, implemented in version 1.81 for Windows users, aims to give users more control over their digital privacy, especially concerning their online history.

****What is Microsoft Recall?****

Microsoft Recall, first introduced in May 2024, is designed as a productivity tool for Copilot+ PCs, which are high-end, AI-enhanced computers. It works by taking periodic screenshots of a user’s screen activity and storing them in a local, searchable database. The idea is to allow users to easily ‘recall’ past actions and information using natural language queries, for instance, finding a website visited that featured specific content.

However, from its initial announcement, Recall faced significant criticism from privacy advocates and security experts. Early versions stored these screenshots in plain text, making them highly vulnerable if a system got compromised. While Microsoft has since made changes, including making Recall an opt-in feature and encrypting the data, concerns about a persistent, OS-level log of user activity remain.

****Brave’s Proactive Privacy Stance****

Brave’s Privacy Team specified that Recall contradicts the browser’s privacy-first mission. To address this, Brave has expanded upon Microsoft’s existing privacy commitment to not record private browsing sessions. Therefore, Brave now signals to the operating system that all Brave browser windows are “private,” effectively preventing Recall from capturing any screenshots from them by default.

Block Microsoft Recall toggle in Brave (Source: brave.com)

This approach ensures user browsing activity does not “accidentally end up in a persistent database,” which the Brave Privacy Team highlighted as particularly sensitive in cases like intimate partner violence. Details on this implementation were discussed in a relevant thread on the Brave GitHub repository. Details on this implementation were discussed in a relevant thread on the Brave GitHub repository.

While inspired by similar screenshot-blocking efforts from messaging platforms like Signal, Brave’s method is designed to avoid interfering with other legitimate functions, such as accessibility tools or regular screenshots. Users who wish to allow Recall to capture their Brave Browser can manually adjust a setting within brave://settings/privacy.

****Ongoing Changes and User Control****

This step comes as Microsoft is enhancing Recall, a feature currently in preview, with its final release form for all Windows 11 users remaining uncertain. The Brave Privacy Team has acknowledged that Microsoft has made several security and privacy-enhancing modifications to Recall due to initial concerns.

However, the rapid emergence of bypasses to Microsoft’s initial fixes, such as CVE-2025-53770 and CVE-2025-53771, indicates an ongoing challenge for software developers in securing against such deep-level system monitoring.

Nonetheless, Brave’s action reinforces its commitment to user privacy by offering a strong default defence against features that could potentially log extensive personal data.

Source

HackRead