Author: VictorAdmin5

During the first six months of 2025, WhatsApp has taken down 6.8 million accounts that were “linked to criminal scam centers” targeting people online around that world, said its parent company Meta in an August 5, 2025 statement.

“Some of the most prolific sources of scams are criminal scam centers, often fueled by forced labor and operated by organized crime primarily in Southeast Asia.” “Based on our investigative insights into the latest enforcement efforts, we proactively detected and took down accounts before scam centers were able to operationalize them.”, the statement continues.

Recently WhatsApp, Meta and OpenAI disrupted scams efforts which we were able to link to a criminal scam center in Cambodia. These attempts ranged from offering payments for fake likes to enlisting others into a rent-a-scooter pyramid scheme, or luring people to invest in cryptocurrency.

WhatsApp is rolling out two new anti-scam tools to protect its users. A new safety overview will appear when someone who is not one of your contacts adds you to unknown groups, allowing users to review the details before deciding to stay or leave. Notifications remain silenced until users mark to stay. For one-on-one chats, WhatsApp is testing warnings when people not in your contacts initiate a message, offering more context to help users pause and think before engaging. These features help counter common scam tactics at scale and keep users safer on the platform.

Read more about it here.

An unknown threat actor has stolen the sensitive information, including personal, financial, and health information, of 868,969 Columbia University current and former students, applicants and employees, after breaching the university’s network in May 2025.

The breach was discovered and reported to law enforcement authorities following an outage that affected some of its systems on June 24.

“Last week, we reported a technical outage that disrupted certain parts of our IT systems.” says a July 1 statement made by the university. “We immediately began an investigation with the assistance of leading cybersecurity experts and after substantial analysis determined that the outage was caused by an unauthorized party”.

The affected information includes Social Security numbers, contact details, demographic information, academic history, financial aid-related information, insurance-related information, and certain health information.

In an August 5 statement, Columbia University is offering two years of free credit monitoring and identity protection services to the impacted individuals.

Read more about it here.

Radiology Associates of Richmond has disclosed a data breach that impacted personal and health information of more than 1.4 million individuals.

Radiology Associates of Richmond (RAR) is a private radiology practice founded in 1905 and based in central Virginia. With 120 years in operation, RAR provides diagnostic, vascular and neurovascular interventional services to hospitals, freestanding emergency centers and outpatient imaging centers throughout central Virginia.

The organization discovered on May 2, 2025 that threat bad actors gained access to its systems between April 2 and 6, 2024. The security breach contained identifiable protected health and personal information. The practice quickly secured its network with the help of external cybersecurity experts and is assessing the impact. It also offered impacted individuals complimentary credit monitoring.

Read more about it here.

A recent Louis Vuitton data breach affected 419,000 customers in the UK, South Korea, Turkey, Italy, Sweden and possibly more countries. Customers of the French luxury retailer Louis Vuitton are being notified of a data breach.

Breached information included names, passport details, addresses, email addresses, phone numbers, shopping history and product preferences. Hong Kong’s Office of the Privacy Commissioner said it started investigating the data breach.

In statements emailed by LVMH to affected users, no payment information was affected.

LVMH said the French head office had found suspicious activities on its computer system on June 13, 2025, discovered Hong Kong customers were affected on July 2, and then reported the breach to the Hong Kong watchdog on July 17.

Read more about it here.

Security researchers Ian Carroll and Sam Curry revealed multiple vulnerabilities in the McDonald’s AI-powered hiring platform, McHire, that exposed the personal information of over 64 million job applicants.

The root of the problem was surprisingly simple: McHire’s administrative interface, designed for restaurant franchisees, accepted the incredibly insecure username and password combination of “123456”. That and an insecure direct object reference (IDOR) allowed to gain entry and immediately granted access to live administrative dashboards. This in turn allowed to access to any inbox to retrieve the personal data of more than 64 million applicants.

Personal information included names, emails, phone numbers, jobs details and chat logs between applicants and McDonald’s AI recruiter, which could have included additional personal information.

McDonald responded swiftly:

June 30, 2025 5:46PM ET: Disclosed to Paradox.ai and McDonald’s
June 30, 2025 6:24PM ET: McDonald’s confirms receipt and requests technical details
June 30, 2025 7:31PM ET: Credentials are no longer usable to access the app
July 1, 2025 9:44PM ET: Followed up on status
July 1, 2025 10:18PM ET: Paradox.ai confirms the issues have been resolved

Read more about it here.

Researchers announced the discovery of what seems to be the largest data breach ever recorded, with an astonishing 16 billion login credentials exposed online. The ongoing investigation, which began earlier in 2025, suggests that the credentials were collected through multiple infostealer malware strains.

The report published by CyberNews, says:

• The records are scattered across 30 different datasets, and some records are or might be overlapping
• The data most likely comes from various infostealers
• The data is recent, not merely recycled from old breaches

The data, structured by URL, login, and password, targets services like Apple, Google, Facebook, Telegram, GitHub, and some government portals.

The only silver lining here is that all of the datasets were exposed only briefly: long enough for researchers to uncover them, but not long enough to find who was controlling vast amounts of data. Most of the datasets were temporarily accessible through unsecured Elasticsearch or object storage instances.

How should we all boost our online protection?

• Use long and complex passwords
• Enable multi-factor authentication (MFA) whenever it is offered
• Use biometric authentication if available, such as fingerprint recognition and facial scan
• Use password managers
• Change old passwords to stronger passwords
• When you receive a text message or an email, don’t trust anyone

Read more about it here.

Luxury jewelry company Cartier disclosed on June 3, 2025 that it had its web site hacked and some client data stolen.

Cartier, whose watches, necklaces and bracelets have been worn by celebrities such as Taylor Swift, Madonna and Angelina Jolie, said to its customers: “We are writing to inform you that an unauthorized-party gained temporary access to our system and obtained limited client information”.

“We contained the issue and have further enhanced the protection of our systems and data.”

The company said that the compromised information included names, email addresses, and countries where the customer resides.

Cartier stresses that the breach did not include more sensitive data, such as passwords, credit card numbers, or banking details.

It asked its customers to remain alert for any unsolicited communications or any other suspicious correspondence.

Read more about it here.

Apple revealed on May 27, 2025 that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone, highlighting its ongoing efforts to keep users safe.

Some of the other noteworthy statistics shared by Apple for 2024 are:

• Detected and blocked more than 10,000 illegitimate apps on pirate storefronts.
• Stopped nearly 4.6 million attempts to install or launch apps distributed illicitly outside the App Store or approved third-party marketplaces.
• Rejected more than 1.9 million App Store submissions for failing to meet Apple’s standards for security, reliability, privacy violations, or fraud concerns.
• Removed more than 37,000 apps for fraudulent activity.
• Rejected over 43,000 app submissions for containing hidden or undocumented features.
• Rejected over 320,000 submissions that copied other apps, were found to be spam, or otherwise misled users
• Rejected 400,000 app submissions for privacy violations.
• Removed more than 143 million fraudulent ratings and reviews from the App Store.
• Identified nearly 4.7 million stolen credit cards and banned over 1.6 million accounts from transacting again.

Read more about it here.

Google will pay Texas $1.375 Billion to settle two lawsuits over tracking users locations and storing biometric data without consent. This amount far exceeds previous fines over its location tracking practices: In November 2022, it paid $391 million to a group of 40 states. In January 2023, it paid $29.5 million to Indiana and Washington. In September 2023, it paid another $93 million to California.

Filed in 2022, the case accused Google of unlawfully tracking geolocation, incognito searches, and collecting biometric data without consent, even with Location History turned off.

The settlement represents a major privacy victory for Texas and a stark warning to companies against violating user trust.

Read more about it here.

Luxury UK retailer and department store Harrods confirmed on May 1, 2025 a cyberattack. This is the third UK retailer suffering a cyberattack, following earlier cyber-attacks on Co-operative Group (Co-op) and Marks and Spencer (M&S).

“We recently experienced attempts to gain unauthorised access to some of our systems.” reads a statement published by the company. “Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”

“Currently all sites including our Knightsbridge store, H beauty stores and airport stores remain open to welcome customers. Customers can also continue to shop via harrods.com.”

As of this writing, none of the retailers affected have instructed customers to take any action.

A hacking group called Scattered Spider is believed to be behind the M&S cyberattack.

Read more about it here.