
The incident comes amid increasing hostilities between Israel and Iran, after Israel attacked multiple military and nuclear targets in Iran last week.
The group said it hacked the bank because it “circumvented international sanctions and used the people of Iran’s money to finance the regime’s terrorist proxies, its ballistic missile program and its military nuclear program.”
“Disrupting the availability of this bank’s funds, or triggering a broader collapse of trust in Iranian banks, could have major impacts there,” Rob Joyce, the former top cybersecurity official at the NSA, said.
“Any cyber response to this whole episode is probably going to take time. There’s likely to be significant cyber activity, but it may take some time for these operations to spin up,” John Hultquist, chief analyst at Google Threat Intelligence Group, said.
The bank’s website was offline on Tuesday, and its London-based subsidiary, Bank Sepah International plc, did not immediately respond to an emailed request for comment. Customers were having problems accessing their accounts, according to Israeli media. (AJ Vicens and James Pearson / Reuters and Matt Kapko / Cyberscoop)
Related: TechCrunch, Iran International, Haaretz, Jerusalem Post, Digital Watch Observatory, HealthcareInfoSecurity.com, Axios, The Record, Times of Israel, The Times, JNS, BankInfoSecurity, Iran International, Long War Journal, DigWatch, Middle East Forum, AL-Monitor, Bloomberg, Ynet News, The Register
The group said it would “release Nobitex’s source code and internal information from their internal network” in 24 hours.
Nobitex deals in digital currencies and crypto. According to the group, the crypto company assists the regime in funding Iranian terrorism and uses virtual currencies to bypass sanctions.
The hacker group, which is reportedly affiliated with Israel, targeted Nobitex and stole $48 million in total.
The hackers warned Iranians: “Collaborating with a terrorist financing infrastructure puts your assets at risk! Act before it’s too late.” (Amichai Stein / Jerusalem Post)
Related: Crypto Briefing, CCN, Coindesk, TronWeekly, Israel National News, Türkiye, Coinfomania, Coinpedia
In a statement, WhatsApp said it was “concerned these false reports will be an excuse for our services to be blocked at a time when people need them the most.” WhatsApp uses end-to-end encryption, meaning a service provider in the middle can’t read a message.
“We do not track your precise location, we don’t keep logs of who everyone is messaging, and we do not track the personal messages people are sending one another,” it added. “We do not provide bulk information to any government.”
However, Gregory Falco, an assistant professor of engineering at Cornell University and cybersecurity expert, said it’s been demonstrated that it’s possible to understand WhatsApp metadata that is not encrypted.
Iran has blocked access to various social media platforms over the years, but many people use proxies and virtual private networks, or VPNs, to access them. It banned WhatsApp and Google Play in 2022 during mass protests against the government over the death of a woman held by the country’s morality police. (Kelvin Chan and Barbara Ortutay / Associated Press)
Related: CBS News, Middle East Eye, Mint, Al Jazeera, EuroNews, The Conversation, Iraqi News
The drop appears to be a result of a decision by Iran’s government, rather than Israeli strikes on infrastructure. Fatemeh Mohajerani, a spokesperson for Iran’s government, said it had restricted internet access in response to Israeli cyberattacks.
Iran’s government has historically shut down or reduced its internet connectivity with the outside world in times of civil unrest. Most recently, in 2019, it implemented a six-day complete blackout as protesters took to the streets across the country and the government issued a crackdown on civilians, reportedly leading to the deaths of more than 100 people. (Kevin Collier / NBC News)
Related: DL News, The Verge, CBS News, Ukrainian National News, Cryptopolitan, r/worldnews, Slashdot
“Iranian cyber activity has not been as extensive outside of the Middle East but could shift in light of the military actions,” said John Hultquist, chief analyst for Google Threat Intelligence Group.
As the conflict evolves — and particularly if the US decides to strike Iran directly — “targets in the United States could be reprioritized for action by Iran’s cyber threat capability,” he said.
Beyond federal resources, thousands of the nation’s critical infrastructure operators turn to information sharing and analysis centers and organizations, or ISACs, for threat intelligence.
The Food and Ag-ISAC, whose members include the Hershey Company, Tyson, and Conagra, and the Information Technology ISAC, whose members include Intel, IBM, and AT&T, issued a joint alert late last week, strongly urging US companies to step up their security efforts to prepare for likely Iranian cyberattacks.
ISACs for the electricity, aviation, financial services, and state and local government sectors are also on alert.
Jabbour said his organization is working with the National Council of ISACs on scanning for these threats, and noted that the council had stood up a program following the first strikes by Israel on Iran late last week to monitor for specific threats to US infrastructure. (Maggie Miller / Politico)
In 2023, hackers stole private data on over 6.9 million users over a months-long campaign by accessing thousands of accounts using stolen credentials. 23andMe did not require its users to use multi-factor authentication, which the ICO said broke U.K. data protection law. (Zack Whittaker / TechCrunch and Global News)
Related: ICO, Business Matters, Tech Monitor, BBC News, TechRadar, Computing, Nasdaq, Globe and Mail, MakeUseOf, CNET, The Canadian Press
Their report comes amid rising concern about how Chinese spy agencies will use AI to power covert actions, as Western intelligence services also embrace the technology.
The researchers reviewed the People’s Liberation Army’s patent applications, publicly available contracts, and other material to better understand how China’s military and intelligence services have invested in artificial intelligence.
Recorded Future found that China is probably using a mix of large language models and technology to analyze vast amounts of data and communicate its results in human language. Models from Meta and OpenAI are thought to be among the American models China uses, along with Chinese models from DeepSeek, Zhipu AI, and others. (Julian E. Barnes / The New York Times)
Related: Recorded Future, Recorded Future
According to the FTC, Paddle failed to perform adequate screening and fraud prevention, enabling foreign operators like Restoro, Reimage, and PC Vark to exploit the US credit card system.
These schemes used fake virus alerts and pop-up warnings, often impersonating Microsoft or McAfee, to lure consumers into buying unneeded software or tech support services and charged them via unauthorized subscription renewals.
PC Vark sold scareware through deceptive alerts and routed victims to call centers. Paddle processed $12.5 million for PC Vark, despite numerous complaints and chargeback rates exceeding 7%. (Bill Toulas / Bleeping Computer)
Related: FTC, Fintech Futures, PYMNTS, Payments Journal, Finextra
Swiss newspaper Le Temps (in French only, behind paywall) said that files containing details of tens of thousands of UBS employees were stolen from the Baar-based business service company Chain IQ, whose website lists KPMG and Mizuho among its clients.
“A cyber attack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected,” UBS said.
“As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations.”
Le Temps reported that the leaked cache also included the number of a direct internal line to UBS CEO Sergio Ermotti.
Chain IQ said it and 19 other companies were targeted in the attack, resulting in leaked data being published online on the darknet. (Oliver Hirt, Dave Graham, Tomasz Janowski, and Bernadette Baum / Reuters)
Related: Wall Street Journal, Bloomberg, Swiss.info
“At this time, we have control of our systems,” the statement read. “We have seen no evidence of ransomware, and there is no indication of ongoing threat actor activity.”
On June 8, Erie Insurance confirmed that an outage had affected all its systems and locked customers out of their online accounts. On June 11, in a filing with the Securities and Exchange Commission, Erie Insurance described the event as an “information security event” and said it was working with law enforcement.
Despite the company indicating no ransomware involvement, two federal class-action lawsuits have been filed, claiming the outage was caused by such an attack. Neither suit provides evidence to support the claim. (A.J. Rao / GoErie)
Related: Erie Insurance, Cybernews, Insurance Journal, YourErie
Scania said the attackers emailed several Scania employees, threatening to leak the data online unless their demands were met.
Late last week, threat monitoring platform Hackmanac spotted a hacking forum post by a threat actor named ‘hensi,’ selling data they claimed to have stolen from ‘insurance.scania.com,’ offering it to a single exclusive buyer.
Scania said their systems were breached on May 28, 2025, using an external IT partner’s credentials stolen by infostealer malware. (Bill Toulas / Bleeping Computer)
Related: Cyber Daily, Techzine, GBHackers, SC Media
The grocery chain said it had not yet wholly recovered from being targeted by hackers last month, who stole a significant amount of customer data.
Although the offer appears generous, one analyst said most customers do not spend £40 or more per shop, so it would not appeal to many people.
The one-off deal, which runs from Wednesday for a week, is open to existing Co-op members and any shoppers wanting to sign up, but not to staff. (Tom Espiner / BBC News)
Related: Retail Gazette, The Independent, The Standard, Tech Digest, Daily Record, Manchester Evening News, Liverpool Echo
The attackers are delivering malware through phishing emails impersonating Taiwan’s National Taxation Bureau and other government entities, using themes related to taxes, pensions, and public services.
Data that the adversary has been harvesting includes user information, IP address, computer name, and system-related information such as operating system and version, system architecture, CPU frequency, processor count, memory size, and registry values. (Jai Vijayan / Dark Reading)
Related: Fortinet
The attack was foiled by low liquidity and a pause on the exploited smart contract.
The attacker was able to mint 9,705 of the liquid staking protocol’s token mpETH worth nearly $27 million, but only managed to steal around 52.5 Ether (ETH), worth just over $132,000 from the liquidity swap pools, Meta Pool said.
It added that some of the affected pools had low liquidity and volumes, making it harder for the attack to be carried out. Its “early detection systems” helped its team quickly pause the affected contract, preventing “further unauthorized activity or additional losses.”
Meta Pool co-founder Claudio Cossio said the hacker exploited a “fast unstake functionality,” allowing them to mint thousands of mpETH tokens.
Generally, after unstaking crypto, there is a waiting period before it becomes transferable; however, with fast unstaking, also known as flash unstaking, the waiting period is voided, provided specific conditions are met.
Blockchain security firm PeckShield posted to X that the staking contract had a “critical bug,” which allowed the hacker to mint mpETH for free, but the “low liquidity of mpETH limited the profit.” (Stephen Katte / Cointelegraph)
Related: Meta Pool, Web3IsGoingJustGreat, CoinDesk, Crypto News
Alex Protocol said the breach was caused by a vulnerability in its self-listing verification logic. The attacker used the flaw to drain liquidity from several asset pools.
In response to the incident, Alex Lab Foundation, the organization supporting the protocol, pledged to reimburse affected users using its full treasury reserves. (Ezra Reguerra / Cointelegraph)
Related: Web3IsGoingJustGreat, The Block, Crypto Briefing
The group claimed at least 73 attacks on Thai organizations in the two weeks following a May 28 incident in which a Cambodian soldier was killed in a skirmish with Thai forces.
The hacktivist group first claimed attacks on Thai government websites in March, and expanded their scope to Thai academic and private-sector entities that same month.
Their attacks typically involve defacement and distributed denial-of-service (DDoS) campaigns, which flood and often paralyze targeted servers with traffic. The group reportedly increased its activity after the Thai army stated on June 6 that it is “now ready for a high-level military operation.”
Almost half of the observed incidents involve Thai government or military websites, while manufacturing companies account for more than a quarter of claimed targets.
According to the cyber analysis site Hackmanac, between June 4 and June 10, the group claimed to target the Thai Ministry of Defense, the Ministry of Foreign Affairs, and the Bangkok Metropolitan Administration, among others. (James Reddick / The Record)
Related: Radware
According to a statement posted on its website, the company announced that it would distribute 5,000 won ($3.60) vouchers to all users who made online purchases in the past year. These vouchers can be used to purchase books, albums, and tickets for performances and shows.
Yes24 will also provide a free shipping coupon to all users who purchased products online in the past 12 months, while those who bought e-books during the same period will receive a 5,000 won voucher exclusively for e-book purchases.
Details such as voucher expiration dates are available in the notice posted on the company’s website. (Korea JoongAng Daily)
Related: Allkpop, Maeil Business Newspaper, Chosun Biz
The data exposure was due to a logic flaw in the MCP system and not the result of a hack, but the risk that arises from the incident could still be significant in some cases.
However, a software bug in the MCP server exposed data from Asana instances to other MCP users, with the data type being limited to each user’s access scope.
The MCP server had been taken offline, but Asana’s status page indicates that it has returned to normal operational status as planned on June 17, 17:00 UTC. (Bill Toulas / Bleeping Computer)
Related: Upguard
DragonForce listed the company in a 17 June update, in which it claimed to have stolen 106.84 gigabytes of data from it.
The data has already been published in full and appears to consist of two folders, labelled Engineering and Operations, respectively. The documents include historical site, customer reports, and detailed technical drawings of equipment. One folder, however, contains pathology and medical reports relating to several of Pressure Dynamics’ employees.
Pressure Dynamics has said it is aware of the hackers’ claims. A company spokesperson told Cyber Daily that it has been in touch with staff and clients impacted by the event and that the relevant authorities have been informed. (David Hollingworth / Cyber Daily)
Related: HookPhish
Some commercial AI companies have sought to build guardrails into their models for safety and security, preventing them from explicitly coding malware or relaying detailed instructions for building bombs or other malicious behaviors. A parallel underground market has emerged offering to sell more uncensored versions of the technology.
These “WormGPTs,” named after one of the original AI tools first advertised on underground hacker forums in 2023, are usually cobbled together from open-source models and other toolsets. They can generate code and search for and analyze vulnerabilities, and are marketed and sold online.
Cato discovered previously unreported WormGPT variants powered by xAI’s Grok and Mistral AI’s Mixtral.
The pricing structure for these tools ranges from subscription-based payment models (around €550 or $631 for a yearly license) to private setups, which can cost as high as €5,000 or $5,740. (Derek B. Johnson / Cyberscoop)
Related: Cato Networks
The data, including prescription drug names and dosages, was sent by web trackers on state exchanges set up under the Affordable Care Act to help Americans purchase health coverage.
The exchange websites ask users to answer questions about their health histories to find the most relevant information on plans. However, when visitors respond to sensitive questions, the invisible trackers sometimes send that information to platforms like Google, LinkedIn, and Snapchat.
The Markup and CalMatters audited the websites of all 19 states that independently operate their own online health exchanges. While most of the sites contained advertising trackers of some kind, the Markup and CalMatters found that four states, Nevada, Maine, Rhode Island, and Massachusetts, exposed visitors’ sensitive health information.
After being contacted by The Markup and CalMatters, Nevada’s health exchange stopped sending visitors’ data to Snapchat, and Massachusetts stopped sending data to LinkedIn. The Markup and CalMatters also found that Nevada stopped sending data to LinkedIn in early May, as we were testing. (Colin Lecher and Tomas Apodaca / The Markup)
Related: GitHub
The letter cited a May New York Times article reporting that the Trump administration had broadened Palantir’s work across the government, with the company receiving more than $113 million in federal government spending since President Trump took office.
Officials said the White House was laying the groundwork, partly by using Palantir technology, to consolidate data across the government and compile a master list of potential personal information on Americans.
Senator Ron Wyden of Oregon and Representative Alexandria Ocasio-Cortez of New York drafted the letter. Other members of Congress who signed included Senators Elizabeth Warren and Edward J. Markey of Massachusetts.
After The Times published the article about Palantir, the company said on X that the report “is blatantly untrue” and published a blog post denying it was a vendor on a project to unify databases across federal agencies.
The company said, “Palantir does not build surveillance technology, and we are not building a central database on Americans — nor will we.” (Sheera Frenkel / New York Times)
Related: Wyden-AOC Letter, FedScoop, The Hill, Nextgov/FCW
The report also blames power generators for the worst-ever blackout to hit Spain and Portugal. Some conventional power plants, such as nuclear and gas-fired plants, failed to help maintain an appropriate voltage level in the power system that day.
“The system did not have sufficient voltage control capabilities,” Spanish Energy Minister Sara Aagesen said.
While several factors contributed to that day’s events, Aagesen confirmed that the ultimate cause was a voltage surge that the grid could not absorb. This surge triggered a cascade of generation disconnections.
The government said it would propose measures to strengthen the grid and improve its ability to control voltage in the system. It would also push to integrate the peninsula with the European grid further, it said. (Inti Landauro, David Latona and Pietro Lombardi / Reuters)
Related: Sky News, Associated Press, The Guardian, Financial Times, Bloomberg, The European Conservative, France24
Karoline Leavitt, the White House press secretary, said Trump would sign an executive order this week giving TikTok 90 more days, to mid-September, to find a new owner to comply with a federal law that requires the company to change its ownership structure to resolve national security concerns. TikTok’s current deadline is Thursday. (Sapna Maheshwari / New York Times)
Related: CNBC, CNN, NBC News, Silicon Republic, Thurrott, Axios, GSMArena.com, Politico, Financial Times, USA Today, Variety, Business Insider, SiliconANGLE, Ukrainian National News, SFist, Business Standard, Mashable, The Register, Agence France-Presse, Digital Music News, BBC, Engadget, MacRumors, Forbes, 9to5Mac, Raw Story, The Verge, Wall Street Journal, Forexlive, ZeroHedge News, Bloomberg, CBS News, The Hill, Above the Law, KEYE
The Foundation for the Defense of Democracies recommends that the US government act as a reinsurer to accelerate the maturation of the cyber insurance market.
Researchers at EON report that half of organizations have difficulty locating backup data when they need it.

