Russia orders Discord to remove nearly 1,000 posts violating national laws

Russia has ordered Discord to delete nearly 1,000 posts that are deemed illegal. The communication regulator, Roskomnadzor, highlighted that the posts include content related to child pornography, extremism, drug abuse, and LGBT promotion.

Discord, a San Francisco-based platform, and the regulator have yet to respond to queries regarding the order. Previous actions have seen Discord fined 3.5 million roubles for failing to remove illegal material.

Russia’s demands follow a long-standing policy of controlling content on foreign technology platforms. Regular fines are issued for non-compliance, with social media platforms even facing bans in some instances.

President Vladimir Putin continues to emphasise traditional values, particularly with stricter rules on LGBT promotion. Moscow’s broader push aims to restrict content that contradicts the state’s values and regulations.

Fake crypto app drains $70,000 from users

Check Point Research has uncovered a crypto wallet drainer app that was active on the Google Play Store for over five months, stealing more than $70,000 from unsuspecting users. The malicious app masqueraded as WalletConnect, a popular tool for linking crypto wallets to decentralised finance (DeFi) apps. Despite being disguised as a legitimate app, it managed to evade detection through advanced techniques and fake reviews, gaining over 10,000 downloads.

The app, originally named ‘Mestox Calculator,’ tricked users into connecting their wallets and accepting permissions, allowing attackers to drain funds. Although not all users were affected, over 150 victims lost substantial sums. The app was eventually removed from the store, but its ability to avoid detection for so long highlighted gaps in the app verification processes of platforms like Google Play.

Check Point Research emphasised the increasing sophistication of cybercriminals and urged both users and app stores to remain vigilant. The researchers warned that even seemingly harmless apps can pose a serious financial threat in the Web3 world, stressing the importance of educating users about these risks.

Hackers use auto-reply emails to deliver crypto mining malware

Cybersecurity experts have uncovered a novel tactic used by hackers to deliver malware for covert crypto mining. Hackers are now exploiting automated email replies from compromised accounts to infect businesses in Russia, including financial institutions, with the XMRig mining tool. Since May, over 150 emails containing this malicious software have been detected, but most were blocked by Facct, a leading threat intelligence firm.

This technique is particularly dangerous because the victims initiate the contact and are expecting a reply to their own email. Because the communication is already established, many do not suspect the attached malware. Facct urges organisations to stay vigilant by conducting regular cybersecurity training and adopting strong passwords with multifactor authentication.

The XMRig software, often used in crypto mining attacks, has been part of several widespread malware campaigns since 2020, highlighting the persistent threat of cybercriminals using innovative methods to target vulnerable systems.

US sanctions hit Russian crypto firm and individuals tied to cybercrime

The United States has imposed sanctions on Russian national Sergey Sergeevich Ivanov and cryptocurrency firm Cryptex, which operates in Russia despite being based in Saint Vincent and the Grenadines, according to the Treasury Department. The sanctions target individuals and organisations involved in facilitating cybercrime and illicit financial activity.

Additionally, the United States Treasury’s Financial Crimes Enforcement Network identified Russian crypto exchange PM2BTC as a ‘primary money laundering concern.’ Officials stressed their commitment to preventing cybercrime networks like PM2BTC and Cryptex from continuing operations, according to acting undersecretary Bradley Smith.

The US State Department has also announced rewards of up to $10 million for information leading to the arrest or conviction of Ivanov and Timur Shakhmametov for their involvement in transnational organised crime. It is also offering rewards of up to $1 million for information on the leaders of crypto exchange PM2BTC and stolen credit card marketplaces PinPays and Joker’s Stash.

These efforts underscore the US government’s continued crackdown on cybercriminal networks and illicit financial activities that threaten global security and economic stability.

Super Micro faces US investigation after Hindenburg allegations

The United States Department of Justice is investigating Super Micro Computer, according to a Wall Street Journal report citing sources familiar with the matter. Following the news, shares of the AI server maker fell by about 5%.

Earlier in the month, Super Micro had denied allegations made by short-seller Hindenburg Research, which accused the company of ‘accounting manipulation’ and cited issues like undisclosed related-party transactions and failure to comply with export controls.

Hindenburg revealed its short position in Super Micro in August, prompting a further examination of the company’s financial practices. Super Micro has dismissed the report as containing ‘false or inaccurate statements.’ The server maker did not immediately respond to requests for comment from Reuters.

PwC report reveals only 2% of organisations achieve firm-wide cyber resilience

A new report from PwC has uncovered alarming gaps in global cybersecurity practices among organisations. The 2025 Global Digital Trust Insights survey, which gathered insights from 4,042 business and technology executives across 77 countries, revealed that only 2% of organisations have fully implemented cyber resilience measures in all areas assessed.

Specifically, the survey evaluated 12 key resilience actions related to people, processes, and technology. Fewer than 42% of executives believe their organisations have fully adopted any one of these measures. Among the most critical gaps are:

  • Establishing a resilience team, with only 34% reporting implementation organisation-wide
  • Developing a cyber recovery playbook for IT-loss scenarios, achieved by just 35%
  • Mapping technology dependencies, with only 31% completed

These findings highlight a concerning vulnerability, leaving many organisations exposed to cyber attacks that could jeopardise their entire operations.

Another critical issue raised in the report is the insufficient involvement of Chief Information Security Officers (CISOs) in essential business activities. Fewer than 50% of CISOs are significantly engaged in strategic planning for cyber investments, board reporting, or overseeing technology deployments. This lack of participation at high decision-making levels creates the risk of misaligned strategies and weaker security postures. The report advocates for granting CISOs a seat at the table to ensure cybersecurity considerations are embedded within core business strategies.

The rapid integration of new technologies is introducing additional cybersecurity challenges. According to the report, 67% of security executives indicated that the rise of generative AI has expanded their attack surface over the past year. Vulnerabilities are also increasing due to the adoption of cloud technologies and connected devices. Despite these risks, organisations continue to invest in new technologies, with 78% of executives reporting increased spending on generative AI in the last year, underscoring the tension between innovation and security.

Cybersecurity regulations are emerging as a significant catalyst for investment, with 96% of executives acknowledging that regulatory requirements have driven enhancements in their security measures. Furthermore, 78% believe that regulations have prompted improvements or challenges to their cybersecurity posture. However, the report also highlights a notable confidence gap between CISOs/CSOs and CEOs concerning compliance with AI and resilience regulations. This 13-point disparity indicates a disconnect in how different executives view their organisation’s readiness to meet regulatory demands.

UK GCHQ defends the importance of law for cyber operations

Senior officials from GCHQ, the UK’s cyber and signals intelligence agency, published a rare article defending the role of legal frameworks in guiding cyber operations. The article responds to recent criticism by an anonymous European intelligence official in Binding Hook, who argued that the West’s cyber capabilities are being constrained by overly stringent legal oversight. According to that criticism, these restrictions may be giving cyber actors from countries like China and Russia a strategic advantage, as they face fewer operational constraints. The article also points to recent public statements by former leaders of Germany’s foreign intelligence service, who have voiced concerns that excessive legal oversight is weakening national security efforts.

Although the GCHQ article does not reference specific cyber operations, it addresses a significant challenge faced by agencies focused on foreign intelligence. Under current laws, such agencies may be prohibited from collecting intelligence from systems owned by their own citizens, even if those systems are being exploited by foreign attackers.

GCHQ’s stance emphasises the need for a balanced approach, arguing that cyber operations can and should be conducted in a ‘responsible and democratic’ manner. The article reflects the agency’s growing engagement with public and academic discussions on the evolving role of law in modern cybersecurity.

Three Iranian nationals indicted for hacking Trump campaign

Three Iranian nationals have been indicted in the US for their alleged involvement in a hacking campaign targeting former President Donald Trump’s 2020 campaign. The US Justice Department unsealed charges against Seyyed Ali Aghamiri, Yasar Balaghi, and Masoud Jalili, who are believed to be affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC). The three individuals, based in Iran, face charges including material support for terrorism, computer fraud, wire fraud, and identity theft.

Though no evidence suggests the stolen data was used, Iran’s intent to influence the US election was highlighted. The State Department has issued a $10 million reward for information leading to the capture of Aghamiri, Balaghi, and Jalili. According to the indictment, the hackers impersonated government officials and used spear-phishing tactics to infiltrate systems and steal sensitive information. Their motives, beyond general geopolitical disruption, reportedly included avenging the death of Iranian military commander Qasem Soleimani, who was killed in a US strike in January 2020.

The US and UK governments issued indictments alongside sanctions and alerts, highlighting ongoing cybersecurity threats posed by the IRGC. Both countries’ cybersecurity agencies jointly released a 14-page advisory detailing recent cyber activities linked to the IRGC, cautioning against tactics described in the indictment and additional tools used to target presidential campaigns, senior government officials, think tank leaders, journalists, activists, and lobbyists. In addition, John Hultquist from Google’s Threat Intelligence Group stated that Iran controls ‘multiple contractors’ responsible for some of the most aggressive cyber operations in the Middle East, Europe, and the US.

Google blocks new Russian accounts and faces more pressure over restrictions

Google has restricted the creation of new accounts for Russian users, according to Russia’s digital ministry. The move follows mounting pressure on the tech giant over its failure to remove content deemed illegal by Moscow and for blocking Russian media channels on YouTube following the invasion of Ukraine. Telecom operators have also reported a sharp decline in the number of SMS messages sent by Google to Russian users.

The digital ministry warned there is no guarantee that two-factor authentication SMS confirmations will continue functioning for Google services. It advised users to back up their data and consider alternative authentication methods or domestic platforms. Google had already deactivated AdSense accounts in Russia in August and halted serving ads in the country in March 2022.

Google has blocked over 1,000 YouTube channels linked to state-sponsored Russian media, as well as more than 5.5 million videos. Slower speeds on YouTube in Russia have been recorded recently, with Russian lawmakers blaming the issue on Google’s equipment, a claim the company disputes.

Cyberattack disrupts Wi-Fi at major UK railway stations

British police announced on Thursday that they are investigating a cyberattack that displayed an Islamophobic message on Wi-Fi services at major railway stations. Passengers trying to connect to the Wi-Fi encountered a message referencing terror attacks, leading to the immediate shutdown of the system managed by communications group Telent. The British Transport Police reported that they received notifications about the incident at approximately 5:03 p.m. on September 25.

The incident occurred amid heightened tensions in Britain, where anti-Muslim riots erupted over the summer following the tragic killing of three young girls. Misinformation initially blamed the attack on an Islamist migrant, further inflaming community tensions. In response, the police are working closely with Network Rail to investigate the cyberattack promptly.

Following the incident, which impacted 19 stations including London Bridge, London Euston, Manchester Piccadilly, and Edinburgh Waverley, Network Rail confirmed that the Wi-Fi service remained offline. Telent stated that no personal data was compromised in the hack, explaining that an unauthorised change was made to the Network Rail landing page using a legitimate administrator account. As a precaution, Telent temporarily suspended all Global Reach services to verify that other customers were not affected. Network Rail expects the Wi-Fi service to be restored over the weekend after conducting final security checks.