Binance reported attempts to copy customers' faces using AI. Telegram did not acknowledge the vulnerability with ”session invalidation”. Alleged serial bitcoin extortionist indicted in U.S. Binance reported attempts to copy customers' faces using AI Fraudsters are using AI to copy the faces of customers of cryptocurrency exchange Binance and further bypass the biometrics verification system to steal assets. The platform's team warned users about this. Attackers use publicly available or stolen photos and videos from databases as the basis of a fake 3D facial model. Bypassing the verification system is often combined with password cracking and 2FA attempts. Attacks on unsecured phones and desktops with access to Binance can be carried out remotely, via malware. The exchange team is actively monitoring the threat and urges users to remain vigilant. Telegram denied the existence of a vulnerability with ”session invalidation” The author of Telegram channel ”IT Dig” discovered a vulnerability in the messenger that allows access to user accounts without a password or MFA verification, and notified the developers about it. According to him, the problem arises when authorization via Telegram widget on third-party sites, primarily in the messenger's built-in browser. Such authorizations can create sessions with elevated rights - they allow reading chats, receiving calls without entering a cloud password and notifying the account owner; The main danger is that an attacker can intercept the authorization token and use it on their device, the expert added. He believes that it was this bug that caused the theft of 200 million rubles (~$3 million) worth of cryptocurrency from his client in early 2025. To avoid such risks, the author of the post recommended users to clear the history of the built-in Telegram browser, disable all active web sessions and widgets. Telegram officially refuted the existence of the vulnerability, claiming that the researcher misinterpreted the mechanism of different types of authorizations. In turn, the specialist considers that the response of the messenger team contradicts the content of his video. An alleged serial bitcoin extortionist has been indicted in the US The US Department of Justice charged a Yemeni national, the likely developer and primary operator of the Black Kingdom ransomware virus, for carrying out 1,500 attacks on Microsoft Exchange servers. According to the case file, between March 2021 and June 2023, 36-year-old Rami Khaled Ahmed and his accomplices infected computer networks with the encryptor and demanded a ransom of $10,000 in bitcoins. Its victims included a medical company in Encino, a ski resort in Oregon, a school district in Pennsylvania and a health clinic in Wisconsin. Authorities emphasized that the Black Kingdom virus was created specifically to exploit a vulnerability in Microsoft Exchange Server and access target computers. Ahmed faces up to 15 years in prison on combined charges of conspiracy, willful damage to a protected computer, and threatening to do so. iPhone owners have been attacked by spyware Apple has notified a number of users in over a hundred countries of a large-scale attack by government spyware. This is reported by TechCrunch . The victims include Italian journalist Ciro Pellegrino and Dutch right-wing activist Eva Vlaardingerbroek. The spyware allows access to personal data, correspondence, microphone and camera without the owner's consent. It is currently unclear which group is behind the targeted attacks. Alerted iPhone owners are advised to immediately update iOS to the latest version 18.4.1. and enable Lockdown Mode for increased protection. TikTok to pay €530 million for EU data that went to China The Irish Data Protection Commission (DPC) fines TikTok €530 million (more than $601 million) for illegally transferring users' personal data from the European Economic Area to China in violation of EU data protection regulations; The social network was also accused of lacking transparency. TikTok has been ordered to bring its data processing into compliance within six months. The DPC plans to suspend all data transfers to China if the company fails to meet the deadline. RansomHub ransomware program has gone offline Group-IB experts reported that the online infrastructure of the RansomHub ransomware group has ”for unexplained reasons” stopped working since April 1. A number of experts attributed this to the ”departure of many participants” that followed downtime in the syndicate's operations beginning in November 2024. The problems accelerated when rival RaaS group DragonForce claimed that RansomHub had allegedly decided to switch to their infrastructure as part of a new ” сartel of ransomware.” Some affiliates may have gone to Qilin, given the doubling of disclosures on its leak site since February. By some estimates, RansomHub operators stole data from more than 200 victims in about a year of activity. This RaaS group replaced the shuttered LockBit and BlackCat and attracted their partners, including Scattered Spider and Evil Corp, through the lucrative distribution of payments received from victims.
