The United Kingdom has imposed a new wave of sanctions targeting Kyrgyz financial institutions and cryptocurrency networks accused of facilitating Russian sanctions evasion, military procurement, and ransomware operations.

Authorities disrupted the Rapper Bot DDoS botnet, one of the most powerful DDoS botnets to date. The botnet, active since at least 2021, was responsible for over 370,000 attacks targeting 18,000 unique victims across 1,000 autonomous systems.

The Python Package Index (PyPI) has implemented a new security measure to proactively block account takeovers and supply chain attacks by un-verifying email addresses tied to expired domains.

Cybersecurity firm Profero has successfully cracked the encryption used by the DarkBit ransomware, enabling victims to recover encrypted files without paying a ransom. The ransomware is attributed to the Iran-linked MuddyWater APT group.

The US federal judiciary issued a statement confirming that its electronic case management system had been compromised in a cyberattack. The judiciary is implementing enhanced cybersecurity measures to protect sensitive legal documents and case data.

The BlackSuit ransomware operation, responsible for breaching hundreds of organizations globally, has had its dark web leak sites seized by law enforcement. This action was part of a coordinated international takedown effort, Operation Checkmate.

A suspected administrator of the notorious Russian-language cybercrime forum XSS was arrested in Ukraine on July 22, 2025. The operation was a joint effort between Ukrainian authorities, French police, and Europol.

The U.S. Department of the Treasury has sanctioned Russian hosting provider Aeza Group and four of its operators for providing bulletproof hosting services to cybercriminals.

A British IT worker has been sentenced to over seven months in prison after launching a retaliatory cyberattack against his employer’s network. Within hours of suspension, he began altering login names and passwords, disrupting internal operations.

The DOJ launched a major crackdown on a North Korean IT worker scheme, conducting raids on 29 "laptop farms" across 16 states. These workers accessed sensitive data, including International Traffic in Arms Regulations (ITAR) information.