TF Cybercrime Round-up: 26 March 2025

TF Cybercrime Round-up: Key Breaches and Attacks of March 2025

Tiff Staff

Cybercrime poses a major threat across industries globally as bad actors exploit new techniques and vulnerabilities to cause widespread damage. From ransomware attacks affecting major retailers to weaponized software, digital security remains volatile.

In this edition of the TF Cybercrime Round-up, we examine the latest incidents and their impact on businesses, individuals, and government agencies. The developments covered include hacking attempts targeting Signal chats, a security breach involving the creator of HaveIBeenPwned, and a growing phishing scam targeting Counter-Strike 2 players.

Let’s break down the major events that matter.

What’s Happening & Why This Matters

Global cybercrime is BUSY! A growing threat to Signal chats emerged after the Pentagon issued a memo warning about Russian hackers exploiting vulnerabilities in the popular encrypted messaging app. Signal’s “linked devices” feature — which lets users access their accounts from multiple devices — has become a key target. This flaw allows hackers to intercept encrypted conversations in real-time, raising concerns about the security of digital communications for high-profile individuals, including U.S. officials discussing sensitive operations.

The Signal group included leading offices from the White House, CIA, NSC, State Department, and the Department of Defense. (Credit: USA TODAY/Reuters)

Meanwhile, Troy Hunt, creator of HaveIBeenPwned, the widely used data breach notification service, fell victim to a phishing email. Hunt’s mistake, made while jetlagged, highlights that even the most security-conscious individuals are vulnerable to these attacks. The hacker accessed Hunt’s Mailchimp account, stealing email addresses from his blog’s subscriber list. Despite active two-factor authentication (2FA), the attacker successfully bypassed it using a one-time passcode, a telling reminder of how even robust security measures can be compromised.

In gaming, hackers are preying on Counter-Strike 2 players with fake login pop-ups. These malicious pages mimic the official Steam login portal and lure gamers with promises of free rewards. Once players enter their credentials, the attackers take control of their accounts, likely to resell them for profit. This browser-in-the-browser attack is particularly effective on desktop users and underlines the need for caution when logging into third-party sites offering game-related rewards.

TF Summary: What’s Next

These recent events show the growing sophistication of cybercriminals targeting individuals and institutions. As hackers adapt their tactics, the need for stronger security measures and awareness is more critical than ever. With Signal vulnerabilities under the spotlight, Mailchimp’s failure to adequately protect unsubscribed users, and phishing schemes targeting gamers, digital spaces are rife with risks. Consumers and businesses must stay vigilant and maintain robust defenses against these constantly evolving threats.
