Europol Shuts Down First VPN Used by Cybercriminals, Arrests Administrator
European law enforcement agencies hacked into First VPN, a service used by cybercriminals for ransomware attacks and data theft, identifying thousands of users before shutting it down and arresting its administrator. The operation was led by France and the Netherlands with support from Europol and Eurojust.
European law enforcement agencies announced they successfully infiltrated a virtual private network service that had been a haven for cybercriminals. The operation targeted First VPN, a service promoted on Russian-speaking cybercrime forums as a trusted tool for evading law enforcement. Europol revealed the results of the operation yesterday, stating that the VPN was dismantled in a coordinated international effort.
The First VPN website now displays a seizure notice, indicating the domain was taken over by joint international law enforcement action. Europol described the service as having been used by cybercriminals to conceal ransomware attacks, data theft, and other serious offenses. The agency noted that First VPN offered anonymous payments, hidden infrastructure, and features specifically designed for criminal use.
Law enforcement agencies from France and the Netherlands led the operation, with support from Europol and Eurojust. Investigators managed to hack into the VPN service, gaining access to logs and identifying thousands of users. The administrator of First VPN was arrested as part of the operation, though details about the individual's identity and location have not been disclosed.
Europol emphasized that the service had been operating for years, providing a safe haven for criminals who believed they were beyond the reach of authorities. The VPN allowed users to pay anonymously and hosted infrastructure that was deliberately obscured to hinder tracking. The takedown is seen as a significant blow to cybercriminal networks that relied on such services.
The operation highlights the increasing ability of law enforcement to target the tools and infrastructure used by cybercriminals. By compromising the VPN itself, authorities were able to gather intelligence on its user base, potentially leading to further investigations and arrests. Europol stated that the action sends a clear message that no digital space is beyond the reach of law enforcement.
First VPN was particularly popular among ransomware groups and data thieves, who used it to mask their online activities. The service's removal disrupts the operational security of these criminal enterprises, forcing them to seek alternative means of concealment. Europol did not specify how many users were identified or whether any have been arrested so far.
The seizure of First VPN is part of a broader trend of law enforcement targeting cybercriminal infrastructure. Similar operations have taken down dark web marketplaces, ransomware payment portals, and other services that facilitate illegal activities. Europol and its partners continue to monitor the cybercrime landscape for other services that may be exploited by criminals.
Europol's announcement concluded with a statement underscoring the commitment to dismantling the tools that enable cybercrime. The agency warned that those who use such services should not assume they are safe from detection. The investigation into First VPN and its users is ongoing.
Report: Iran Used Binance to Move Billions Despite Sanctions
The Wall Street Journal reported that Iran funneled billions of dollars through Binance to fund its military, circumventing international sanctions. The exchange allegedly facilitated transactions for Iranian entities despite U.S. restrictions.
The Wall Street Journal published a report alleging that Iran used the cryptocurrency exchange Binance to move billions of dollars, bypassing international sanctions. The funds were reportedly directed toward supporting the country's military activities. The report claims that Binance processed transactions for Iranian entities even after the U.S. Treasury imposed sanctions on Iran in 2018.
According to the Journal, Iranian companies and individuals used Binance to convert Iranian rials into cryptocurrencies, which were then transferred abroad. The exchange allegedly did not enforce know-your-customer (KYC) checks for these transactions, allowing the flow of funds to continue. The report cites internal Binance documents and former employees.
The U.S. Treasury's Office of Foreign Assets Control (OFAC) has strict prohibitions on providing financial services to Iran. Binance has previously stated that it complies with sanctions and blocks accounts from sanctioned countries. However, the Journal's investigation suggests that Binance's compliance measures were insufficient.
Binance responded to the report by stating that it has since strengthened its compliance protocols. The exchange said it has invested in advanced screening tools and increased its compliance team. Binance also noted that it has blocked accounts linked to Iran and other sanctioned jurisdictions.
The report comes amid increased scrutiny of cryptocurrency exchanges by regulators worldwide. Binance has faced legal challenges in multiple countries, including the U.S., where the Securities and Exchange Commission has filed a lawsuit against the exchange. The allegations regarding Iran could add to Binance's regulatory troubles.
Iran has faced severe economic sanctions from the U.S. and other nations, limiting its access to the global financial system. The country has turned to cryptocurrencies as a means to circumvent these restrictions. Iranian officials have acknowledged using digital assets to bypass sanctions.
The Wall Street Journal's findings are based on a review of financial records and interviews with former Binance employees. The report does not specify the exact amount of funds funneled through Binance but describes it as billions of dollars. Binance has not confirmed the figures.
As of now, Binance has not issued a detailed rebuttal to the Journal's report. The exchange reiterated its commitment to compliance and said it would continue to cooperate with regulators. The U.S. Treasury has not commented on the allegations.
Trump Mobile confirms customer data breach exposing phone numbers and addresses
Trump Mobile, the cell phone maker and provider associated with President Trump, confirmed a data breach that exposed customers' personal information, including phone numbers and home addresses. The company attributed the exposure to a third-party platform and is evaluating whether to notify affected customers.
Trump Mobile has confirmed that a data breach exposed customers' personal information, including phone numbers and home addresses. The company, which produces and provides cell phones branded with President Trump's name, said the incident was linked to a third-party platform. Trump Mobile is currently evaluating whether it needs to notify customers about the exposure.
The breach involved sensitive personal data, raising concerns about privacy and security for users of the Trump-branded devices. The company did not disclose the number of affected customers or the specific third-party platform involved. Trump Mobile stated that it is investigating the incident and working to prevent future occurrences.
This is not the first time Trump Mobile has faced security issues. The company has previously been criticized for its data handling practices. The latest breach underscores ongoing challenges in protecting customer information in the mobile phone industry.
Customers who may have been affected are advised to monitor their accounts for suspicious activity. Trump Mobile has not yet provided guidance on steps customers should take to protect themselves. The company said it will provide updates as the investigation progresses.
The breach comes at a time when data privacy is a major concern for consumers. Regulatory bodies may scrutinize Trump Mobile's response to the incident. The company could face legal repercussions if it failed to adequately protect customer data.
Trump Mobile has not specified a timeline for notifying customers or completing its investigation. The company emphasized its commitment to security and apologized for any inconvenience caused. It urged customers to remain vigilant.
As of now, no further details about the breach have been released. Trump Mobile said it will cooperate with authorities if necessary. The company's evaluation of whether to notify customers will depend on the findings of its investigation.
Apple blocked $2.2B in fraudulent transactions on App Store in 2025
Apple prevented over $2.2 billion in potentially fraudulent transactions on the App Store in 2025. The company also rejected more than 2 million problematic app submissions and blocked over 1.1 billion fraudulent account creations.
Apple released its annual fraud prevention analysis on Wednesday, detailing the company's efforts to maintain security and trust within the App Store ecosystem. The report covers the 2025 calendar year, highlighting the scale of fraudulent activity the company faced.
According to the report, Apple prevented over $2.2 billion in potentially fraudulent transactions. This figure includes blocked transactions from stolen credit cards, phishing schemes, and other deceptive practices targeting both users and developers.
The company rejected more than 2 million app submissions for various violations, including privacy concerns, misleading descriptions, and hidden functionality. Apple also terminated over 1.1 billion fraudulent account creations, many of which were automated bots designed to manipulate app rankings or commit fraud.
Apple's fraud prevention systems identified and blocked 3.5 million stolen credit cards from being used on the App Store. Additionally, the company deactivated over 1.5 million developer accounts for suspicious activity, preventing them from distributing apps.
The report noted that Apple's review process involves both automated systems and human reviewers. The company uses machine learning models to detect patterns of abuse, while human experts handle complex cases that require nuanced judgment.
Apple emphasized that these efforts protect both consumers and legitimate developers. By removing fraudulent apps and accounts, the company aims to maintain a safe environment for users and ensure fair competition among developers.
The company also highlighted its ongoing investments in security infrastructure. Apple continues to refine its detection algorithms and expand its review team to address emerging threats.
"Our commitment to protecting users and developers is unwavering," said an Apple spokesperson in the report. "We will continue to invest in advanced technologies and processes to stay ahead of bad actors."
The full fraud prevention analysis is available on Apple's website, providing detailed breakdowns of the types of fraud detected and the actions taken throughout 2025.
Kash Patel’s clothing brand website taken offline following hacking reports
The website for Kash Patel’s clothing brand was shut down after users reported it had been hacked. Hackers allegedly hijacked the site to trick visitors into installing malware.
The website for a clothing brand associated with Kash Patel, a former Trump administration official, was taken offline after reports emerged that it had been compromised. Users on X, formerly known as Twitter, flagged the site as potentially malicious, claiming hackers had gained control. The incident prompted the shutdown to prevent further harm to visitors.
According to multiple posts on the social media platform, the hacked website was being used to distribute malware. Visitors who accessed the site were reportedly redirected to pages that attempted to install malicious software on their devices. The exact nature of the malware and the extent of the compromise remain unclear.
Kash Patel, who served as chief of staff to the acting secretary of defense under President Donald Trump, launched the clothing brand earlier this year. The brand sells apparel and accessories, with some items featuring political slogans. Patel has not yet publicly commented on the hacking incident.
The website’s domain now displays a message indicating it is unavailable. It is unknown when the site will be restored or if it will be relaunched with additional security measures. Cybersecurity experts recommend that anyone who visited the site recently scan their devices for malware.
This incident adds to a growing list of high-profile websites being targeted by hackers for malicious purposes. The motive behind the attack on Patel’s brand has not been determined, but it appears to be a typical malware distribution scheme rather than a politically motivated hack.
Authorities have not announced any investigation into the breach. The website’s hosting provider likely took it down after being alerted to the compromise. Users are advised to avoid visiting the site until it is confirmed safe.
Patel’s team has not issued a statement regarding the timeline for restoring the website or whether customer data was affected. The brand’s social media accounts remain active but have not addressed the incident.