- \n
- Brazilian banks lost $140m after an employee handed over credentials.<\/li>\n
- Russia\u2019s Faster Payments System and Telegram went down.<\/li>\n
- A basketball player was suspected of ransomware extortion.<\/li>\n
- A flaw in McDonald\u2019s AI hiring bot exposed a recruitment database.<\/li>\n<\/ul>\n<\/div>\n
Brazilian banks lose $140m after an insider hands over access<\/h2>\n
On July 7 it emerged<\/a> that one of the year\u2019s biggest cyberattacks on the banking sector had struck. Criminals stole about $140m from six Brazilian financial institutions using credentials belonging to an employee of C&M Software<\/span>.<\/p>\n
The incident occurred on June 30, when the attackers bribed Joao Nazareno Roque and obtained access to the system. According to police, he also provided instructions on specific actions that ensured the attack\u2019s success.<\/p>\n
He priced his part at $920. Later, following the attackers\u2019 guidance, he executed commands inside C&M\u2019s infrastructure. For this, he earned an additional $1,850, the outlet reports.<\/p>\n
Roque tried to cover his tracks by changing mobile phones every 15 days. However, on July 3 he was detained in S\u00e3o Paulo.<\/p>\n
Rough estimates suggest at least $30\u201340m of the haul was converted into cryptoassets. According to an on-chain investigation<\/a> by ZachXBT, the attackers moved funds into BTC, ETH and USDT via Latin American over-the-counter desks and crypto exchanges.<\/p>\n
Russia\u2019s Faster Payments System and Telegram suffer outages<\/h2>\n
On July 10, the Faster Payments System (SBP) in Russia suffered an outage<\/a>. Complaints began at 16:00 (MSK) from St Petersburg, Moscow, the Yamalo-Nenets Autonomous Okrug, Tver and Nizhny Novgorod regions, and elsewhere.<\/p>\n
The Centre for Monitoring and Managing the Public Communications Network emphasised there were no DDoS attacks on the infrastructure of \u041d\u0421\u041f\u041a<\/span>.<\/p>\n
SBP outage chart as of July 11. Source: Downdetector<\/a>.<\/figcaption><\/figure>\n On social media, users complained about bank services and being unable to transfer funds or pay via SBP.<\/p>\n
NSPK, the system\u2019s developer and operator, linked the incident to a provider. Service was restored near midnight.<\/p>\n
On June 7 a large-scale Telegram outage occurred<\/a>. Russian users complained<\/a> about unavailable notifications, problems sending messages and loading the app.<\/p>\n
Basketball player suspected of cyber extortion <\/h2>\n
On July 9 it became known<\/a> that Russian professional basketball player Daniil Kasatkin had been detained. According to media reports, he was arrested on June 21 at Charles de Gaulle airport in France at the request of US authorities. He is accused of serving as a negotiator for a hacker network that used ransomware.<\/p>\n
Kasatkin is currently in custody, and US representatives are seeking his extradition to face charges. His lawyer has asserted his innocence.<\/p>\n
The gang\u2019s name has not been disclosed. It is known only that between 2020 and 2022 the attackers carried out more than 900 attacks on various organisations, including two federal agencies.<\/p>\n
A flaw in McDonald\u2019s AI bot exposed its hiring database<\/h2>\n
According to Wired<\/a>, on June 9 researchers Ian Carroll and Sam Curry discovered critical vulnerabilities in the McHire system. The platform recruits employees for McDonald\u2019s using an AI bot named Olivia.<\/p>\n
Using rudimentary passwords such as \u201c123456\u201d, the researchers gained access to the admin panel of the platform\u2019s developer, Paradox.ai. It contained a database with 64m records, including applicants\u2019 names, emails and phone numbers. Access had been open since 2019 without two-factor authentication.<\/p>\n
\n
When applying for a job at McDonald's, over 90% of franchises use "Olivia," an AI-powered chatbot. We (@iangcarroll<\/a> and I) discovered a vulnerability that could allow an attacker to access the over 64 million chat records using the password "123456".https:\/\/t.co\/dBqpRpdp9T<\/a><\/p>\n
\u2014 Sam Curry (@samwcyo) July 9, 2025<\/a><\/p><\/blockquote>\n
![\"\u041a\u0440\u0430\u0436\u0430](\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXcpt87IpD24givV1IjnFqV-5mjXcWAcbvX0itO1NyZ1p-Ruq7NlBoOoxovId4nNvaaPZ4C8eUCilmUlF9bYbO5rjM5sg-_5THP1E8MU25FDb3JzhthYUSKpmi-kEgWp45T4A02PXA?key=mzzaRZeoRBnHzj3gvzONqQ\")