An Israeli cybersecurity firm has identified Iranian government-backed hackers as the perpetrators behind a series of data breaches attributed to the fake hacktivist persona 'Ababil of Minab'. The breaches began after the start of the war in Iran, according to the firm's report. The Los Angeles transit system was among the targets, suffering a breach that took weeks to fully recover from.

The hackers, operating under the guise of hacktivists, have claimed responsibility for multiple data breaches since the conflict began. The Israeli firm's analysis traced the attacks back to Iran's government, linking the persona to state-sponsored cyber operations. The Los Angeles transit system breach disrupted services and required extensive recovery efforts.

The transit system did not immediately comment on the attribution, but officials previously acknowledged the breach and the prolonged recovery process. The hackers claimed to have stolen sensitive data, though the extent of the compromise remains unclear. The Israeli firm's report provides technical evidence connecting the attacks to Iranian state actors.

Ababil of Minab first emerged as a hacktivist group claiming to target Israeli and Western entities. However, the cybersecurity firm's investigation revealed that the group's operations align with known Iranian cyber espionage tactics. The Los Angeles transit system breach is one of several incidents attributed to this group since the war began.

The recovery process for the transit system involved restoring systems and securing networks, taking weeks to complete. Officials have not disclosed the full impact on operations or passenger data. The Israeli firm's findings underscore the ongoing threat of state-sponsored cyber attacks disguised as hacktivism.

The breach highlights the vulnerability of critical infrastructure to sophisticated cyber attacks. The Los Angeles transit system has since implemented additional security measures to prevent future incidents. The Israeli firm continues to monitor Ababil of Minab's activities, warning that further attacks are likely.

The attribution of the breach to Iranian hackers adds to tensions between Iran and Western nations. The Israeli firm's report has been shared with relevant authorities. The Los Angeles transit system has not confirmed the attribution but has cooperated with cybersecurity experts to address the breach.

As of now, the transit system has fully recovered from the breach, with no further disruptions reported. The Israeli firm's analysis provides a detailed account of the hackers' methods and connections. The incident serves as a reminder of the persistent cyber threats facing public infrastructure.

The earliest arrests under the Take It Down Act (TIDA) suggest that law enforcement can identify individuals illegally posting and selling nonconsensual sexualized deepfakes without extensive investigation. Last week, the FBI arrested two men after visiting porn websites and clicking on hashtags like #AI #Deepfakes or video titles such as "AI_tits" or "Ass_AI." The suspects were easily traced through these straightforward identifiers.

One suspect accused of violating TIDA is 20-year-old Arturo Hernandez. He allegedly posted 113 albums that were viewed nearly a million times, featuring AI-generated sexualized images and videos of approximately 50 women. The victims included political figures, actresses, and musicians, as well as women who are not public figures, such as female individuals who attended his Texas high school and an Instagram friend.

The Take It Down Act, signed into law earlier this year, makes it a federal crime to publish or distribute nonconsensual intimate images, including deepfakes. The law provides for penalties including fines and imprisonment. The FBI's approach in these cases involved monitoring public-facing platforms for obvious indicators of illegal content.

Authorities noted that the suspects did not attempt to conceal their activities, using explicit hashtags and titles that made the content easy to find. This suggests that some perpetrators may not fully understand the legal risks or the ease with which law enforcement can track them. The FBI emphasized that even basic online surveillance can yield results in such cases.

The arrests highlight the growing challenge of AI-generated nonconsensual pornography, which has proliferated with advances in generative AI. Victims often face significant emotional distress and reputational harm, and the law aims to provide a mechanism for recourse. However, enforcement relies on proactive monitoring by agencies like the FBI.

Hernandez faces charges under TIDA, and the investigation is ongoing. The FBI has not disclosed the identity of the second suspect. The cases underscore the importance of public awareness about the legal consequences of creating and sharing such content.

The Take It Down Act also includes provisions for victims to request removal of content from platforms. Tech companies are required to respond to such requests within a reasonable timeframe. The law represents a federal effort to address the harms of nonconsensual deepfakes, which have become more common with accessible AI tools.

As of now, Hernandez is in custody pending trial. The FBI continues to investigate similar cases, urging the public to report suspected violations. The agency stated that it will use all available tools to enforce TIDA and protect victims from AI-generated abuse.

A third-party website handling UK visa applications exposed thousands of applicants' sensitive documents online. The portal leaked passports and selfies submitted as part of the application process. The company behind the site has not remedied the security flaw, opting instead to involve legal counsel.

The exposed data included high-resolution images of passports and facial photographs. These documents are typically required for identity verification during visa processing. The leak potentially compromised the personal information of numerous applicants.

Security researchers discovered the vulnerability and reported it to the company. Despite the notification, the company failed to patch the issue. Instead, they responded by sending attorneys to address the matter, leaving the data exposed.

The portal is used by applicants to submit required documentation for UK visas. The breach raises concerns about the handling of sensitive personal data by third-party vendors. Applicants may face risks of identity theft or fraud due to the exposure.

The company has not publicly acknowledged the leak or provided a timeline for a fix. The lack of action has drawn criticism from cybersecurity experts. They emphasize the importance of promptly securing such vulnerabilities.

UK visa authorities have not commented on the incident. It remains unclear how many applicants were affected. The portal continues to operate without the security flaw being addressed.

The company's decision to send attorneys instead of fixing the leak has been met with dismay. The incident highlights ongoing challenges in data protection within government-adjacent services. No official statement has been released regarding next steps.

European law enforcement agencies announced they successfully infiltrated a virtual private network service that had been a haven for cybercriminals. The operation targeted First VPN, a service promoted on Russian-speaking cybercrime forums as a trusted tool for evading law enforcement. Europol revealed the results of the operation yesterday, stating that the VPN was dismantled in a coordinated international effort.

The First VPN website now displays a seizure notice, indicating the domain was taken over by joint international law enforcement action. Europol described the service as having been used by cybercriminals to conceal ransomware attacks, data theft, and other serious offenses. The agency noted that First VPN offered anonymous payments, hidden infrastructure, and features specifically designed for criminal use.

Law enforcement agencies from France and the Netherlands led the operation, with support from Europol and Eurojust. Investigators managed to hack into the VPN service, gaining access to logs and identifying thousands of users. The administrator of First VPN was arrested as part of the operation, though details about the individual's identity and location have not been disclosed.

Europol emphasized that the service had been operating for years, providing a safe haven for criminals who believed they were beyond the reach of authorities. The VPN allowed users to pay anonymously and hosted infrastructure that was deliberately obscured to hinder tracking. The takedown is seen as a significant blow to cybercriminal networks that relied on such services.

The operation highlights the increasing ability of law enforcement to target the tools and infrastructure used by cybercriminals. By compromising the VPN itself, authorities were able to gather intelligence on its user base, potentially leading to further investigations and arrests. Europol stated that the action sends a clear message that no digital space is beyond the reach of law enforcement.

First VPN was particularly popular among ransomware groups and data thieves, who used it to mask their online activities. The service's removal disrupts the operational security of these criminal enterprises, forcing them to seek alternative means of concealment. Europol did not specify how many users were identified or whether any have been arrested so far.

The seizure of First VPN is part of a broader trend of law enforcement targeting cybercriminal infrastructure. Similar operations have taken down dark web marketplaces, ransomware payment portals, and other services that facilitate illegal activities. Europol and its partners continue to monitor the cybercrime landscape for other services that may be exploited by criminals.

Europol's announcement concluded with a statement underscoring the commitment to dismantling the tools that enable cybercrime. The agency warned that those who use such services should not assume they are safe from detection. The investigation into First VPN and its users is ongoing.