A law requiring UK internet users to verify their age to access adult content has led to a huge surge in VPN downloads—and has experts worried about the future of free expression online.

After the United Kingdom’s Online Safety Act went into effect on Friday, requiring porn platforms and other adult content sites to implement user age verification mechanisms, use of virtual private networks (VPNs) and other circumvention tools spiked in the UK over the weekend.

Experts had expected the surge, given that similar trends have been visible in other countries that have implemented age check laws. But as a new wave of age check regulations debuts, open internet advocates warn that the uptick in use of circumvention tools in the UK is the latest example of how an escalating cat-and-mouse game can develop between people looking to anonymously access services online and governments seeking to enforce content restrictions.

The Online Safety Act requires that websites hosting porn, self-harm, suicide, and eating disorder content implement “highly effective” age checks for visitors from the UK. These checks can include uploading an ID document and selfie for validation and analysis. And along with increased demand for services like VPNs—which allow users to mask basic indicators of their physical location online—people have also been playing around with other creative workarounds. In some cases, reportedly, you can even use the video game _Death Stranding_’s photo mode to take a selfie of character Sam Porter Bridges and submit it to access age-gated forum content.

For proponents of the law, there is progress to point to as well. The UK’s communications regulator Ofcom says that more than 6,600 porn websites have introduced age checks so far. And major social platforms like Reddit, X, and Bluesky have also added age verification for content that is now restricted in the UK or are in the process of doing so. Microsoft has even started rolling out voluntary age checks for Xbox users in the UK. But even if this movement is satisfactory for now, digital rights advocates point out that normalizing such mechanisms creates the possibility that they will be enforced more aggressively in the future.

“I think people just want to show that we can make some progress on this without thinking about what the consequences of the progress will be,” says Daniel Kahn Gillmor, a senior staff technologist at the American Civil Liberties Union. “We do know that there are some things that you can do to help kids have a better relationship with digital tools. And that involves having an adequate social support network; it involves listening when kids run into problems and making sure that they have functioning emotional relationships with adults who can respond to them. But instead what we’re looking for is a quick technological fix, and those technological fixes have consequences.”

Seema Shah, VP of research and insights at the market intelligence firm Sensor Tower, says five VPN apps have experienced particularly “explosive growth” and reached the top 10 free apps on Apple’s UK App Store by Monday.

“According to Sensor Tower estimates, iOS devices have seen a greater spike in VPN downloads in the UK, as downloads across the selected VPN apps are up an average of 100 percent day-over-day over the past four days on iOS versus a 5 percent day-over-day increase for Android devices,” Shah says.

Multiple VPN makers have also reported spikes in visitors and sign-ups in recent days. In a post on X on Friday, Proton VPN claimed that “just a few minutes after the Online Safety Act went into effect last night, Proton VPN sign-ups originating in the UK surged by more than 1,400%.” David Peterson, general manager of Proton VPN, told WIRED that since then there has been a sustained 1,800 percent increase in daily sign-ups.

Also on Friday, the Windscribe VPN service posted a screenshot on X claiming to show a spike in new subscribers. The makers of the AdGuard VPN claimed that they have seen a 2.5X increase in install rates from the UK since Friday.

Nord Security, the company behind the NordVPN app, says it has seen a “1,000 percent increase in purchases” of subscriptions from the UK since the day before the new laws went into effect. “Such spikes in demand for VPNs are not unusual,” Laura Tyrylyte, Nord Security’s head of public relations, tells WIRED. She adds in a statement that “whenever a government announces an increase in surveillance, internet restrictions, or other types of constraints, people turn to privacy tools.”

People living under repressive governments that impose extensive internet censorship—like China, Russia, and Iran—have long relied on circumvention tools like VPNs and other technologies to maintain anonymity and access blocked content. But as countries that have long claimed to champion the open internet and access to information, like the United States, begin considering or adopting age verification laws meant to protect children, the boundaries for protecting digital rights online quickly become extremely murky.

“There will be a large number of people who are using circumvention tech for a range of reasons” to get around age verification laws, the ACLU’s Kahn Gillmor says. “So then as a government you’re in a situation where either you’re obliging the websites to do this on everyone globally, that way legal jurisdiction isn’t what matters, or you’re encouraging people to use workarounds—which then ultimately puts you in the position of being opposed to censorship-circumvention tools.”

Age Verification Laws Send VPN Use Soaring—and Threaten the Open Internet

Summary The growing adoption of large language models (LLMs) in enterprise workflows has introduced a new class of adversarial techniques: indirect prompt injection. Indirect prompt injection can be used against systems that leverage large language models (LLMs) to process untrusted data. Fundamentally, the risk is that an attacker could provide specially crafted data that the LLM misinterprets as instructions.

How Microsoft defends against indirect prompt injection attacks

A new report from Google's GTIG reveals how UNC3944 (0ktapus) uses social engineering to compromise Active Directory, then exploits VMware vSphere for data theft and direct ransomware deployment. Understand their tactics and learn vital mitigation steps.

A highly “aggressive” cyber campaign, identified in mid-2025 by Google’s Threat Intelligence Group (GTIG), is posing a severe threat to major industries, including retail, airlines, and insurance.

This sophisticated operation is attributed to Scattered Spider, a financially motivated hacking group also known as 0ktapus and UNC3944, which has been involved in high-profile breaches, including those affecting UK retail giants M&S, Harrods, and Co-op.

Although several members of the group have been arrested and charged in the United States and the United Kingdom over attacks on MGM Resorts and major retailers, the group remains highly active and continues to demonstrate a global presence.

In its latest campaign, as reported by GTIG, the group is eyeing compromised Active Directory accounts to gain full control of VMware vSphere environments to steal sensitive data and deploy ransomware directly from the hypervisor.

This method is particularly dangerous as it often bypasses traditional security tools like Endpoint Detection and Response (EDR), which lack visibility into the underlying ESXi hypervisor and vCenter Server Appliance (VCSA).

GTIG outlines how UNC3944 moves from an initial low-level foothold to complete hypervisor control across five methodical phases. The critical entry point involves phone-based social engineering where attackers impersonate a regular employee, making phone calls to the IT help desk. By using publicly available personal information and persuasive tactics, they trick help desk agents into resetting Active Directory passwords.

This initial access allows them to conduct internal reconnaissance, searching for high-value targets like vSphere administrators or powerful Active Directory groups. They then make a second, more informed call, impersonating a privileged administrator to take over their account. This cunning two-step process bypasses standard technical protections by exploiting vulnerabilities in help desk identity verification procedures.

Once privileged Active Directory credentials are stolen, the attackers swiftly move to compromise the vCenter Server. From there, they gain “virtual physical access” to the VCSA. They manipulate the system’s bootloader to achieve root access, enabling SSH, and then deploy a legitimate open-source tool called Teleport. This tool creates a persistent, encrypted communication channel, effectively bypassing most firewalls.

 With this deep control, they can enable SSH on ESXi hosts, reset passwords, and perform an “offline attack” on critical virtual machines, such as Domain Controllers. This involves powering off a target VM, detaching its virtual disk, attaching it to an unmonitored “orphaned” VM, and copying sensitive data like the Active Directory database.

All of this occurs at the hypervisor layer, rendering it invisible to in-guest security agents. Before deploying ransomware, they sabotage recovery efforts by targeting backup infrastructure, deleting jobs and repositories. Finally, they use SSH access to ESXi hosts to push their custom ransomware, forcibly powering off VMs and encrypting files directly from the hypervisor.

Attack chain (Via Google)

“UNC3944’s playbook requires a fundamental shift in defensive strategy, moving from EDR-based threat hunting to proactive, infrastructure-centric defence,” Google warns. The group operates with extreme speed; the entire attack, from initial access to ransomware deployment, “can occur in mere hours.” Therefore, organisations must protect their virtualised assets through strong identity verification, VMware hardening, backup integrity, and continuous monitoring.

“The advanced sophistication Scattered Spider exhibits should have security teams on high alert,” said Thomas Richards, Infrastructure Security Practice Director at Black Duck, a Burlington, Massachusetts-based provider of application security solutions.

“Social engineering attacks can be prevented with proper training and a challenge process to validate the caller is who they say they are. By using valid credentials and built-in tools, it is difficult for security teams to discern if they are compromised or not,” he advised.

Scattered Spider Launching Ransomware on Hijacked VMware Systems, Google

macOS flaw dubbed Sploitlight allows attackers to access Apple Intelligence-cached data by abusing Spotlight plugins, bypassing privacy controls.

A newly disclosed macOS vulnerability is allowing attackers to bypass Apple’s privacy controls and access sensitive user data, including files cached by Apple Intelligence. Tracked as CVE-2025-31199, the flaw was identified by Microsoft Threat Intelligence and involves a method that abuses Spotlight plugins to leak protected files.

Microsoft Threat Intelligence, which originally spotted the vulnerability, revealed the flaw and dubbed the exploit “Sploitlight” due to its abuse of Spotlight plugins. While Apple has already released a patch, the technical method behind the exploit should be concerning for macOS users, especially those using Apple’s latest AI-powered features.

It all starts with how Spotlight, macOS’s built-in search tool, handles plugins known as importers. These are designed to help index content from specific apps like Outlook or Photos.

Microsoft researchers found that attackers could modify these importers to scan and leak sensitive data from TCC-protected locations like Downloads and Pictures, even without the user’s permission. The trick? Logging file contents in chunks through the system log, then quietly retrieving them.

However, according to the company’s blog post, it gets worse. Apple Intelligence, installed by default on all ARM-based Macs, stores caches containing geolocation data, photo and video metadata, recognised faces, and even search history.

This information, protected under TCC (Transparency, Consent, and Control) rules, is typically out of reach to apps without user consent. But using Sploitlight, attackers can pull this data directly from the caches, bypassing the system’s consent mechanisms entirely.

Microsoft’s proof-of-concept shows a clear step-by-step process attackers could use to exploit the flaw. By modifying the metadata of a Spotlight plugin, placing it in a specific directory, and triggering a scan, attackers can tap into sensitive folders without ever requesting access. And because these plugins don’t need to be signed, no compilation is necessary. A few tweaks to a text file are all it takes.

Apple’s patch, released in March 2025 for macOS Sequoia, addresses this flaw. Microsoft thanked Apple’s security team for cooperating under Coordinated Vulnerability Disclosure and urged users to install the updates without delay.

The impact goes further than the mechanics of the exploit and affects real user data. Since metadata and facial recognition information sync across Apple devices via iCloud, attackers exploiting a single Mac could also gain indirect insights into iPhones or iPads linked to the same account.

This isn’t the first TCC bypass Apple has dealt with. Earlier examples like powerdir and HM-Surf relied on different system components, but Sploitlight’s use of Spotlight importers makes the attack both subtle and effective. It blurs the lines between trusted operating system components and what can be injected from user-controlled sources.

If you use a Mac, especially one with Apple Intelligence features active, make sure your system is up to date. The fix for CVE-2025-31199 is live and available, and applying it closes off this very specific way of data theft.

macOS Sploitlight Flaw Exposes Apple Intelligence-Cached Data to Attackers

### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-25mx-8f3v-8wh7. This link is maintained to preserve external references.

### Original Description
The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic.

Skip to content

**Navigation Menu**

*   *   GitHub Copilot
        
        Write better code with AI
        
    *   GitHub Spark New
        
        Build and deploy intelligent apps
        
    *   GitHub Models New
        
        Manage and compare prompts
        
    *   GitHub Advanced Security
        
        Find and fix vulnerabilities
        
    *   Actions
        
        Automate any workflow
        
    
    *   Codespaces
        
        Instant dev environments
        
    *   Issues
        
        Plan and track work
        
    *   Code Review
        
        Manage code changes
        
    *   Discussions
        
        Collaborate outside of code
        
    *   Code Search
        
        Find more, search less
        
    

*   Explore
    
    *   Learning Pathways
    *   Events & Webinars
    *   Ebooks & Whitepapers
    *   Customer Stories
    *   Partners
    *   Executive Insights
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

Appearance settings

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  GHSA-rfx3-ffrp-6875

**Duplicate Advisory: sequoia-openpgp vulnerable to out-of-bounds array access leading to panic**

Low severity GitHub Reviewed Published Jul 28, 2025 to the GitHub Advisory Database • Updated Jul 28, 2025

Withdrawn This advisory was withdrawn on Jul 28, 2025

**Package**

cargo sequoia-openpgp (Rust)

**Affected versions**

< 1.1.1

\>= 1.2.0, < 1.8.1

\>= 1.9.0, < 1.16.0

**Patched versions**

1.1.1

1.8.1

1.16.0

**Description**

Published by the National Vulnerability Database

Jul 28, 2025

Published to the GitHub Advisory Database

Jul 28, 2025

Last updated

Jul 28, 2025

**EPSS score**

GHSA-rfx3-ffrp-6875: Duplicate Advisory: sequoia-openpgp vulnerable to out-of-bounds array access leading to panic

Cybersecurity researchers at CloudSEK’s STRIKE team used facial recognition and GPS data to expose a massive, over $2…

Cybersecurity researchers at CloudSEK’s STRIKE team used facial recognition and GPS data to expose a massive, over $2 million, fake currency operation in India. This report details the exposure of individuals and their activities on Facebook and Instagram.

A large-scale counterfeit currency operation is reportedly circulating fake notes worth millions of dollars, which has been brought to light by cybersecurity firm CloudSEK. Its investigation, shared with Hackread.com, CloudSEK’s STRIKE team has not only calculated the vast spread of this illicit trade, estimated at ₹17.5 crore (over $2 million) in fake Indian currency over just six months (December 26, 2024, to June 26, 2025), but has also managed to identify and pinpoint key individuals behind it.

The unique aspect of this exposé lies in the direct attribution of culprits. Using digital forensics, GPS data, and facial recognition technology, CloudSEK has identified and located major players across the Indian state of Maharashtra.

According to Sourajeet Majumder, a security researcher at CloudSEK, “This is the first time that a cyber investigation has offered such precise attribution of counterfeit actors operating in public digital spaces. We didn’t just find content, we identified the key perpetrators.”

Reportedly, bad actors are using popular social media platforms like Facebook and Instagram in this campaign. CloudSEK’s XVigil platform played a crucial role in its detection by monitoring open-source environments for specific terms like “second series” or “A1 notes,” which are codewords used by sellers.

Source: CloudSEK

The investigation revealed over 4,500 posts promoting counterfeit currency and more than 750 accounts or pages involved in selling these fake notes. Furthermore, over 410 unique phone numbers were found to be connected to sellers. These groups even used Meta Ads for paid promotions, openly reaching out to potential buyers. Some sellers went as far as sharing videos, handwritten notes, and even video calls to show the supposed quality of their fake currency, creating a dangerous “trust-based” black market out in the open.

Source: CloudSEK

****Tracking Down the Accused****

CloudSEK’s researchers combined advanced Open Source Intelligence (OSINT) and Human Intelligence (HUMINT) techniques to unmask group administrators and sellers. They collected facial images, phone numbers, exact GPS locations, and social media profiles of the main suspects.

The researchers also identified several accounts operating under aliases such as Vivek Kumar, Karan Pawar, and Sachin Deeva. Geolocation evidence pointed to activity in Jamade Village (Dhule district, Maharashtra) and Pune, strongly suggesting a coordinated syndicate primarily based in Maharashtra, with Dhule being the potential hotspot.

Further probing revealed that the counterfeiters advertise their fake notes through various social media channels using hashtags like #fakecurrency. To gain trust, they engage with buyers via WhatsApp, sharing “proof” images and even offering live video calls. The production involves professional tools like Adobe Photoshop, industrial-grade printers, and paper that sometimes mimics security features like Mahatma Gandhi watermarks and green security threads.

Source: CloudSEK

CloudSEK has shared its findings with relevant law enforcement agencies at both the state and national levels, providing detailed intelligence to aid in disrupting this criminal network and protecting the country’s financial stability.

Researchers Expose Massive Online Fake Currency Operation in India

BreachForums resurfaces on its original .onion domain amid law enforcement crackdowns, raising questions about its admin, safety and future.

The notorious cybercrime and hacker platform BreachForums has mysteriously resurfaced on its original dark web .onion domain. The site appears to be fully restored, including its infrastructure, user-leaked databases, official breach listings and forum posts.

For your information, in early April 2025, both the clearnet and dark web domains of BreachForums went offline without explanation. Members speculated about possible law enforcement action or a forum seizure.

Then, on April 28, as reported by Hackread.com, the forum’s homepage was replaced with a message stating that a MyBB 0-day vulnerability had left the site exposed to infiltration attempts by law enforcement, and it needed to be taken offline until the issue was resolved. That was the last message before BreachForums disappeared.

****Admin N/A?****

However, earlier today, Hackread.com spotted that the platform’s .onion domain had become active again, now under a new admin handle, “N/A.” The identity of “N/A” is unknown, but they claim the forum’s clearnet domain was suspended by the registrar following complaints and pressure from law enforcement.

Additionally, they claim the MyBB vulnerability has been fixed and that the forum was never compromised, with user data remaining protected throughout. “N/A” also addressed reports about the arrests of ShinyHunters members, denying that any original group members have been taken into custody.

For your information, after the arrest of former BreachForums administrator Conor Fitzpatrick, also known as Pompompurin, the forum reemerged under the leadership of the ShinyHunters group. However, in June 2025, authorities claimed to have arrested members of ShinyHunters, along with IntelBroker, another active member who had also served as the group’s administrator.

“N/A” also denied ever giving admin access to IntelBroker, claiming it was part of a strategy to divert law enforcement’s attention away from the original owners. According to the statement, IntelBroker never had administrative access to the forum.

Message from Admin N/A on BreachForums (Image credit: Hackread.com)

****As XSS.IS Falls, BreachForums Reemerges****

The return of BreachForums comes at a time when law enforcement is intensifying efforts against cybercrime. Less than 24 hours ago, in an operation called “Operation Checkmate,” authorities seized the infrastructure of the BlackSuit ransomware group, including two of its .onion domains.

Just a couple of days ago, the Russian-language cybercrime platform XSS.IS was seized following the arrest of its suspected administrator in Ukraine. While its dark web domain remains accessible, posts from admins and moderators suggest plans to revive the forum on other domains. Meanwhile, the return of BreachForums presents yet another challenge for law enforcement agencies.

The return of BreachForums on the dark web, along with plans to restore its clearnet domains, may be seen as good news within cybercrime circles, but it raises serious questions. Is it a honeypot set up by law enforcement? Who is “N/A”? Where is the original admin team if they haven’t been arrested? If you are active on BreachForums, sign in at your own risk, and consider quitting cybercrime for good.

BreachForums Resurfaces on Original Dark Web (.onion) Address

International law enforcement agencies, including the FBI and Europol, have successfully seized the infrastructure of the notorious BlackSuit ransomware gang in Operation Checkmate. This article details the takedown, BlackSuit's origins, and the ongoing fight against evolving cyber threats.

International law enforcement has dealt a significant blow to cybercrime this week, successfully seizing the vital online infrastructure of the notorious BlackSuit ransomware gang. In a coordinated international operation dubbed “Operation Checkmate,” authorities specifically targeted and took control of the group’s .onion data leak sites and negotiation platforms, which had compromised hundreds of organisations globally in recent years.

The seizure has been confirmed as two of the BlackSuit domains (1, 2) now display a banner announcing their closure by law enforcement, marking a major victory against ransomware threats worldwide.

This operation involved strong collaboration among numerous agencies from various countries, including the United States Department of Homeland Security, the FBI, Europol, the UK’s National Crime Agency, and law enforcement from Germany, Ukraine, Lithuania, and Canada. Cybersecurity firm Bitdefender also played a key role.

****How BlackSuit Operated****

BlackSuit, which emerged in April/May 2023, used a “double-extortion” method to target a wide range of victims, including hospitals, schools, businesses, and government bodies. They showed no specific preference for industry or organisation size, targeting both large enterprises and small and medium-sized businesses (SMBs).

However, similar to its predecessor, Royal ransomware, it appears that groups within the Commonwealth of Independent States (CIS) were deliberately avoided.

Regarding attack tactics, first, they would break into computer networks, encrypting important files and making systems unusable. Then, they would steal sensitive data. If victims refused to pay the ransom, BlackSuit threatened to publish the stolen information on their leak sites, adding more pressure. These seized websites were essential for BlackSuit to communicate with victims and store stolen data, making it difficult for the gang to profit from their illegal activities now.

****A Threat That Keeps Growing****

Security experts believe BlackSuit likely evolved from earlier ransomware groups, possibly linked to the Royal ransomware gang or even the well-known Conti syndicate. BlackSuit itself is a rebrand of Royal ransomware, which was active from September 2022 to June 2023 and is known to have demanded over $500 million in ransoms from hundreds of organisations worldwide. Notable victims of BlackSuit include the Japanese company Kadokawa, Tampa Bay Zoo, and Octapharma, a blood plasma collection organisation.

While Operation Checkmate is a major success, cybersecurity experts warn that ransomware groups often reappear under new names. In fact, Cisco Talos threat intelligence reported on July 24, 2025, that evidence suggests some former BlackSuit members may have already rebranded as “Chaos ransomware,” operating since February 2025.

This new group reportedly uses similar attack methods, including double extortion, and targets systems across Windows, ESXi, Linux, and NAS. However, Operation Checkmate clearly demonstrates that international teamwork is a powerful tool against global cybercrime.

Operation Checkmate: BlackSuit Ransomware’s Dark Web Domains Seized

The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence.
"The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitations sent to targets interested in learning more about unmanned vehicle systems," Arctic Wolf Labs said

Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files

Chennai, India, 25th July 2025, CyberNewsWire

**Chennai, India, July 25th, 2025, CyberNewsWire**

xonPlus, a real-time digital risk alerting system, officially launches today to help security teams detect credential exposures before attackers exploit them. The platform detects data breaches and alerts teams and systems to respond instantly.

Built by the team behind XposedOrNot, an open-source breach detection tool used by thousands, xonPlus gives organizations instant visibility when their email addresses or domains appear in breach dumps or dark web forums.

Every day, credentials are exposed in data breaches, often without the affected organizations being immediately aware. In many cases, security teams are first alerted to incidents through ransom demands, threat intelligence reports, or internal support tickets. xonPlus addresses this challenge by providing real-time monitoring of enterprise assets, delivering alerts within minutes of confirmed credential exposure.

> “We kept hearing the same thing: teams had good security stacks, but still found out about exposed credentials too late,” said Devanand Premkumar, Founder of xonPlus.

One compromised login is enough to pivot inside a network. xonPlus gives teams the early warning signal they’ve been missing.

**Built on Proven Foundation**

xonPlus leverages the intelligence infrastructure of XposedOrNot, which has tracked 10+ billions of breach records over the last 8 years and serves millions of queries globally. The platform runs on secure infrastructure powered by Cloudflare and Google Cloud, ensuring enterprise-grade reliability and performance for security-critical operations.

**Key Capabilities**

*   **Real-Time Detection**: Getting alerts within minutes when company credentials appear in a breach, including breach source, exposure date, and recommended next steps.
*   **Seamless Integration**: Works with existing security infrastructure, including SIEM, Slack, Microsoft Teams, and email systems.
*   **Developer-First API**: High-throughput API with rate limits, auth tokens, and audit logs for embedding breach intelligence into security workflows.
*   **Enterprise Scale**: Monitoring unlimited domains and millions of email addresses with customizable alert thresholds.

**Addressing Market Need**

Unlike large threat intel platforms requiring long contracts and complex setups, xonPlus offers transparent monthly pricing with 5x to 10x cost efficiency compared to traditional costly solutions. It complements existing security stacks by focusing purely on breach exposure detection.

The platform serves three primary use cases: 

*   **xonEnterprise** for domain-wide monitoring, 
*   **xonConsumer** for customer breach alerts, and 
*   **xonAPI** for developers building security tools.

**Target Market**

**xonPlus** is designed for security teams needing earlier breach visibility, startups and SMBs without full SOC coverage, developers integrating breach detection capabilities, and risk teams focused on account takeover prevention and minimizing ransomware infections.

Teams using xonPlus have cut detection time from weeks to minutes, enabling them to lock compromised accounts before attackers gain access.

**Availability**

xonPlus is immediately available as a SaaS platform with monthly subscription plans.

**Users can learn more**: https://plus.xposedornot.com/

**Users can launch the story**: https://blog.xposedornot.com/xonplus-launch/

**About xonPlus**

xonPlus is built by the team behind XposedOrNot, the open-source breach detection platform that has helped millions of users check their exposure to data breaches. Based in Chennai, India, the company focuses on making breach intelligence accessible to security teams of all sizes.

**Contact**

**Founder**  
**Devanand Premkumar**  
**\[email protected\]**

Tag

#intel