AI at fraudsters’ service, Ukrainian phishers dismantled, and other cybersecurity developments

Here are the past week’s key cybersecurity stories.

An AI code editor enabled a $500,000 crypto heist

Researchers at Kaspersky Lab reported the findings of an investigation into an incident that targeted a blockchain developer in Russia.

In June a fake extension for the Cursor AI IDE infected the victim’s devices with remote-access tools and infostealers. The compromise led to the theft of $500,000 in cryptocurrency.

Cursor AI IDE is an AI-enabled development environment based on Microsoft Visual Studio Code. It supports installing extensions via Open VSX, an alternative to the official Visual Studio Marketplace.

The malicious extension, titled Solidity Language, was presented as a syntax-highlighting tool for Ethereum smart contracts. Notably, the victim’s OS had been installed only days before the incident, with just essential, popular software added to the compromised device.

EU residents ensnared in a Ukrainian cyber ring

In June Ukrainian cyber police, working with Czech law enforcement, concluded an investigation into a network of fraudulent call centres that had operated for a year and a half.

According to police, the criminals responded to online listings in the Czech Republic, Poland and other EU countries and sent sellers phishing links—purportedly for payment. The links led to spoofed pages mimicking well-known payment services, granting access to victims’ banking data. Part of the stolen 1.5 million hryvnia was converted into cryptocurrency.

About 40 people took part in the scheme. Four organisers and ten operatives have been charged. As part of the criminal case, 29 searches were carried out across six regions of Ukraine; the suspects face up to 12 years in prison.

Gemini executes a malicious prompt

An information-security specialist and manager of 0DIN’s bounty programme focused on LLM, Marco Figueroa, disclosed Gemini’s susceptibility to prompt-injection attacks.

Google Gemini for Workspace can be used to generate email summaries that look legitimate yet contain malicious instructions and messages that steer users to phishing sites.

The attack hinges on crafting an email with an invisible directive. An adversary can hide a malicious instruction at the end of the message by setting the font size to zero or colouring it white.

Because there are no suspicious attachments or links, the message is likely to reach the recipient’s inbox. If the recipient opens the email and asks Gemini to summarise it, the AI will read the invisible instruction and execute it.

In Figueroa’s example, Gemini follows the malicious prompts and displays a warning that the user’s Gmail password may have been compromised. The message includes a fake support phone number that unwary users might call.

Criminals laundered $21.8bn via decentralised protocols

According to an Elliptic report, in 2025 criminals moved $21.8bn in ill-gotten funds through DEX, cross-chain bridges and conversion services. Of that, about $2.5bn was linked to North Korean hackers and roughly $300m to sanctioned Iranian crypto services.

Fraudsters use cross-chain bridges to obscure the origin of funds, launder money or circumvent blacklists imposed by the issuers of the Tether and Circle stablecoins.

Such cross-network abuse includes:

• investment schemes;
• meme-coin scams;
• sanctions evasion;
• other forms of fraud.

The analysts say the global volume of “decentralised” crime has tripled from 2023, when Elliptic tallied $7bn.

They expect crypto scammers to exploit public interest and new technologies more aggressively. Extra caution is advised during market upswings, when the influx of novices grows.

The report notes that a third of complex investigations involved three blockchains; more than five networks were involved in 27% of cases; and more than ten in 20% of operations.

Only 1.5% of 10m passwords are “strong”

On 15 July a research team at Specops Software analysed 10m random passwords drawn from a corpus of more than 1bn compromised credentials. The study included a visual heatmap showing the most common combinations of password length and complexity.

Only 1.5% qualified as “strong”.

The research highlights organisational security complacency. Many firms still allow employees to use weak passwords that are easy prey for cybercriminals.

For the analysis, a strong password contained at least 15 characters and several different character classes, including digits, uppercase letters and special symbols.

Healthcare megabreach hits 5.4m people

According to TechCrunch, Episource, a major medical billing firm, notified U.S. residents that their personal and medical data had been stolen in a cyberattack earlier this year. The breach affected more than 5.4m people, making it one of 2025’s biggest in the healthcare sector.

Episource handles claims optimisation for physicians, hospitals and other healthcare organisations, processing large volumes of personal and medical information for insurance submissions.

Experts say the breach lasted a week and ended on 6 February. Stolen data includes:

• personal data (names, mailing and email addresses, phone numbers);
• confidential medical information (medical record numbers, information about physicians, diagnoses, prescriptions, test results and examinations);
• health insurance data (programme names, policy numbers).

Although Episource has not specified the nature of the incident, the company’s partner Sharp Healthcare informed clients that it was the result of a ransomware attack.

End-of-train device vulnerability

On 10 July the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory about a vulnerability. Since its discovery, the Association of American Railroads took 12 years to stop using a radio protocol that can activate train brakes anywhere in North America.

The radio protocol links the locomotive to devices mounted on the last car.

Such devices collect telemetry from the rear of the train—particularly important for long freight consists over a kilometre in length. The hardware can also receive commands from engineers, the most important being to brake the rear of the train.

An attacker with inexpensive equipment worth about $500 and a software-defined radio can issue commands to trigger the brakes.

Also on ForkLog:

• Developers found a way to protect Bitcoin from quantum attacks.
• BigONE was hacked for $27m.
• Darknet marketplace Abacus Market is suspected of a $12m exit scam.
• Losses from the Arcadia Finance protocol hack totalled ~$2.5m.
• A Tornado Cash co-founder announced an urgent $1.5m fundraising for court proceedings.
• MoonPay executives sent $250,000 to a fake Steve Witkoff.

What to read this weekend?

A decade ago he was called an alarmist; today his books read like a manual for the digital world. Why Evgeny Morozov is more relevant than ever in an era of data maximalism and AI hype—read the new instalment of “Silicon Tanks” from ForkLog.