"This site has been seized by U.S. Homeland Security Investigations as part of a coordinated international law enforcement investigation," the banner reads. BleepingComputer has confirmed that the seized sites include the dark web data leak blogs and negotiation sites used to extort victims into paying a ransom demand.
BlackSuit ransomware extortion sites seized in Operation Checkmate
Law enforcement has seized the dark web extortion sites of the BlackSuit ransomware operation, which has targeted and breached the networks of hundreds of organizations worldwide over the past several years.
The U.S. Department of Justice confirmed the takedown in an email earlier today, saying the authorities involved in the action executed a court-authorized seizure of the BlackSuit domains.
Earlier today, the websites on the BlackSuit .onion domains were replaced with seizure banners announcing that the ransomware gang's sites were taken down by the U.S. Homeland Security Investigations federal law enforcement agency as part of a joint international action code-named Operation Checkmate.
Other law enforcement authorities that joined this joint operation include the U.S. Secret Service, the Dutch National Police, the German State Criminal Police Office, the U.K. National Crime Agency, the Frankfurt General Prosecutor's Office, the Justice Department, the Ukrainian Cyber Police, Europol, and others.
Romanian cybersecurity company Bitdefender was also involved in the action, but a spokesperson has yet to reply after BleepingComputer reached out for more details earlier today.
BlackSuit seizure banner (BleepingComputer)
Chaos ransomware rebrand
On Thursday, the Cisco Talos threat intelligence research group reported that it had found evidence suggesting the BlackSuit ransomware gang is likely to rebrand itself once again as Chaos ransomware.
"Talos assesses with moderate confidence that the new Chaos ransomware group is either a rebranding of the BlackSuit (Royal) ransomware or operated by some of its former members," the researchers said.
"This assessment is based on the similarities in TTPs, including encryption commands, the theme and structure of the ransom note, and the use of LOLbins and RMM tools in their attacks."
BlackSuit started as Quantum ransomware in January 2022 and is believed to be a direct successor to the notorious Conti cybercrime syndicate. While they initially used encryptors from other gangs (such as ALPHV/BlackCat), they deployed their own Zeon encryptor soon after and rebranded as Royal ransomware in September 2022.
...CISA and the FBI first revealed in a November 2023 joint advisory that Royal and BlackSuit share similar tactics, while their encryptors exhibit obvious coding overlaps. The same advisory linked the Royal ransomware gang to attacks targeting over 350 organizations worldwide since September 2022, resulting in ransom demands exceeding $275 million.
The two agencies confirmed in August 2024 that the Royal ransomware had rebranded as BlackSuit and had demanded over $500 million from victims since surfacing more than two years prior.
Update 7/24/25: Updated article to include that negotiation sites were seized as well.
Brave Software says its privacy-focused browser will block Microsoft's Windows Recall from capturing screenshots of Brave windows by default to protect users' privacy.
Windows Recall is an opt-in Windows feature that takes screenshots of active windows every few seconds, analyzes them, and enables Windows 11 users to search for text within the snapshots using natural language. The goal is to make it easy for users to quickly find information about past activities in Windows.
However, the feature has sparked widespread criticism for potentially exposing sensitive data of Windows users, including passwords, emails, health records, and financial information.
Microsoft later increased security by providing methods for software providers to opt out of Windows Recall and by securing data with Windows Hello Enhanced Sign-in Security (ESS).
Brave has now decided to proactively enable a technical feature that prevents Recall from capturing the contents of its windows.
"Given Brave's focus on privacy-maximizing defaults and what is at stake here (your entire browsing history), we have proactively disabled Recall for all Brave tabs," reads a new Brave announcement.
"We think it's vital that your browsing activity on Brave does not accidentally end up in a persistent database, which is especially ripe for abuse in highly-privacy-sensitive cases such as intimate partner violence."
A Brave GitHub issue explains that developers have utilized Microsoft's SetInputScope API and set the input scope to IS_PRIVATE for all browser windows. This tells Windows that the content should not be captured or indexed by Recall.
"Microsoft says that a Web browser can use SetInputScope to set the scope to be IS_PRIVATE to make sure that Recall doesn't save the user's browsing history," reads the Brave GitHub issue.
"We can force that to be true for all windows in renderer_widget_host_view."
The change is already live in Brave Nightly builds and will roll out to stable releases in the coming weeks. Users who wish to use Recall can enable it through Brave's settings.
In May, encrypted messenger Signal also blocked Windows Recall by enabling the DRM management flag in the program, which prevents Microsoft's software from taking screenshots of the program.
However, this method could cause issues with accessibility software, such as screen readers, so Signal also provides a way to turn off this setting.
A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory.
Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform.
Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index.
SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution.
A China-based hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain.
Proton has launched a new tool called Lumo, offering a privacy-first AI assistant that does not log user conversations and doesn't use their prompts for training.
Clorox is suing IT giant Cognizant for gross negligence, alleging it enabled a massive August 2023 cyberattack by resetting an employee's password for a hacker without first verifying their identity.