Tag: blockchain
-
EtherRAT Uses SEO Poisoning and Fake GitHub Pages to Target Enterprise Admins
A newly uncovered cyber campaign dubbed “EtherRAT” is raising concerns across enterprise environments, as attackers combine SEO poisoning, GitHub abuse, and blockchain-based infrastructure to target high-privilege IT professionals. Instead of broadly targeting users, the attackers deliberately impersonate trusted administrative tools, increasing the likelihood that victims already have elevated system access. The attack chain begins with…
-
109 Fake GitHub Repos Spread SmartLoader, StealC Malware
A coordinated malware operation is abusing fake GitHub repositories to distribute a LuaJIT-based loader, SmartLoader, and a follow-on StealC infostealer, with at least 109 malicious repos active across 103 accounts. The campaign blends cloned open source code, obfuscated Lua stages, and blockchain-backed C2 resolution to evade detection and keep infrastructure agile. Instead of relying on…
-
Oracle April 2026 Critical Patch Update Addresses 241 CVEs
Oracle addresses 241 CVEs in its second quarterly update of 2026 with 481 patches, including 34 critical updates. Key takeaways: the second Critical Patch Update (CPU) for 2026 contains fixes for 241 unique CVEs in 481 security updates; 34 issues (7.1% of all patches) were assigned a critical severity rating; Oracle Communications received the highest…
-
Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face
Tags: backdoor, blockchain, credentials, cve, cyber, exploit, infection, rce, remote-code-execution, theft
Attackers are rapidly exploiting CVE-2026-39987 in the marimo Python notebook platform to deploy a new NKAbuse backdoor variant hosted on Hugging Face Spaces, turning AI/ML developer environments into high-value infection points. The campaign combines pre-auth RCE, credential theft, lateral movement to PostgreSQL and Redis, and a blockchain-based C2 channel that is difficult to monitor or…
-
Omnistealer uses the blockchain to steal everything it can
This malware is coming for your password managers, saved logins, cloud storage, crypto wallets, and just about anything else it can reach. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/omnistealer-uses-the-blockchain-to-steal-everything-it-can/
-
GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware
ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware. First seen on hackread.com Jump to article: hackread.com/graphalgo-scam-lazarus-hackers-us-llcs-malware/
-
Drift Protocol Hit in $286M Suspected North Korea-Linked Crypto Heist
Hackers have stolen approximately $286 million from Drift Protocol, a leading decentralized perpetual futures exchange on the Solana blockchain, in what security researchers believe may be a North Korea-linked cyberattack. The incident occurred on April 1, 2026, and is already being described as the largest decentralized finance (DeFi) hack of the year. Drift Protocol quickly…
-
Zero-Knowledge Proofs: How to Prove You Know a Secret Without Revealing the Secret
The most powerful cryptographic primitive you’ve never heard of. Zero-knowledge proofs prove you know something without revealing what you know, and they’re quietly revolutionizing privacy, authentication, and blockchain technology. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/zero-knowledge-proofs-how-to-prove-you-know-a-secret-without-revealing-the-secret/
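An added worked example, not code from the Security Boulevard post: the Schnorr proof of knowledge of a discrete logarithm, the textbook protocol behind "prove you know a secret without revealing it". The prover shows it knows x with y = g^x; the verifier learns nothing beyond that, and the Fiat-Shamir variant makes the proof non-interactive. The group (the first safe prime above 2^64, generator 4) and the hash-to-challenge encoding are toy choices assumed for illustration, not production parameters. The extract_secret function shows the flip side of soundness: two transcripts sharing one commitment reveal the secret, so a prover must never reuse its randomness.

```python
"""Schnorr proof of knowledge of a discrete log in a prime-order subgroup of Z_p^*.
Added example with toy parameters; not production code."""
import hashlib
import secrets


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with the first twelve prime bases: deterministic for n < 3.3e24."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits: int = 64):
    """Assumed toy group: first safe prime p = 2q + 1 with q > 2**bits, and g = 4,
    a square, so it generates the order-q subgroup."""
    q = (1 << bits) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


def keygen(p, q, g):
    x = secrets.randbelow(q - 1) + 1   # the secret (witness)
    return x, pow(g, x, p)             # (x, y = g^x); only y is published


def commit(p, q, g):
    """Prover's first move: fresh random r and commitment t = g^r."""
    r = secrets.randbelow(q - 1) + 1
    return r, pow(g, r, p)


def respond(q, x, r, c):
    """Prover's answer to challenge c. Because r is uniform, s reveals nothing about x."""
    return (r + c * x) % q


def check(p, q, g, y, t, c, s):
    """Verifier: t must lie in the subgroup and g^s must equal t * y^c."""
    if not (1 < t < p and pow(t, q, p) == 1):
        return False
    return pow(g, s, p) == (t * pow(y, c, p)) % p


def fiat_shamir_challenge(p, q, g, y, t):
    """Non-interactive challenge: hash the public statement together with the commitment."""
    h = hashlib.sha256(f"{p}|{q}|{g}|{y}|{t}".encode()).digest()
    return int.from_bytes(h, "big") % q


def prove_ni(p, q, g, x, y):
    r, t = commit(p, q, g)
    return t, respond(q, x, r, fiat_shamir_challenge(p, q, g, y, t))


def verify_ni(p, q, g, y, proof):
    t, s = proof
    return check(p, q, g, y, t, fiat_shamir_challenge(p, q, g, y, t), s)


def extract_secret(q, c1, s1, c2, s2):
    """Special soundness: two accepting transcripts with the same commitment and
    different challenges give x = (s1 - s2) / (c1 - c2) mod q. This is both why the
    protocol proves *knowledge* and why r must never be reused."""
    return (s1 - s2) * pow((c1 - c2) % q, -1, q) % q
```

The verifier's subgroup check on t is not optional: without it a malicious prover can pick t outside the order-q subgroup and the algebra no longer binds the response to the public key.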
-
Google Warns Quantum Computers Could Crack Crypto Sooner Than Expected
Google warns that quantum computers could break crypto sooner than expected, heightening the urgency for post-quantum security across blockchain networks. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-quantum-computing-crypto-security-risk/
-
Mutation testing for the agentic era
Tags: ai, api, authentication, blockchain, framework, guide, metric, open-source, risk, rust, skills, software, switch, tool, vulnerability
Code coverage is one of the most dangerous quality metrics in software testing. Many developers fail to realize that code coverage lies by omission: it measures execution, not verification. Test suites with high coverage can obfuscate the fact that critical functionality is untested as software develops over time. We saw this when mutation testing uncovered…
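An added example, not from the Trail of Bits post, that makes the "execution, not verification" point concrete: a minimal operator-mutation tester built on Python's ast module. The function under test (a token check) and both test suites are constructed for the illustration. The weak suite reaches 100% line coverage yet lets every mutant live, because it never pins the function's behaviour; the strong suite kills them all.

```python
"""Added example: operator mutation testing showing that full line coverage can verify nothing.
Function under test and both suites are constructed for this illustration."""
import ast
import copy

# Code under test, kept as source text so its AST can be rewritten.
SOURCE = '''
def token_valid(now, expires_at, scopes):
    """Token is usable only if unexpired (exclusive bound) and admin-scoped."""
    return now < expires_at and "admin" in scopes
'''

# Operator swaps a mutation tool would try; each is a plausible real-world bug.
SWAPS = {ast.Lt: ast.LtE, ast.LtE: ast.Lt, ast.Gt: ast.GtE, ast.GtE: ast.Gt,
         ast.And: ast.Or, ast.Or: ast.And, ast.In: ast.NotIn, ast.Eq: ast.NotEq}


def load(source, name="token_valid"):
    ns = {}
    exec(source, ns)
    return ns[name]


def generate_mutants(source, name="token_valid"):
    """Yield (description, mutated_function) for every swappable operator site."""
    base = ast.parse(source)
    sites = []
    for idx, node in enumerate(ast.walk(base)):          # ast.walk order is deterministic
        if isinstance(node, ast.Compare):
            sites += [(idx, j) for j, op in enumerate(node.ops) if type(op) in SWAPS]
        elif isinstance(node, ast.BoolOp) and type(node.op) in SWAPS:
            sites.append((idx, None))
    for idx, j in sites:
        tree = copy.deepcopy(base)
        node = list(ast.walk(tree))[idx]                  # same position in the identical copy
        if j is None:
            old, node.op = type(node.op), SWAPS[type(node.op)]()
        else:
            old, node.ops[j] = type(node.ops[j]), SWAPS[type(node.ops[j])]()
        ns = {}
        exec(compile(ast.fix_missing_locations(tree), "<mutant>", "exec"), ns)
        yield f"line {node.lineno}: {old.__name__} -> {SWAPS[old].__name__}", ns[name]


def weak_suite(fn):
    """Executes every line (100% coverage) but only asserts on the return type."""
    return isinstance(fn(10, 20, {"admin"}), bool)


def strong_suite(fn):
    """Pins the boundary and each clause; every case fixes one behaviour."""
    cases = [((10, 20, {"admin"}), True),
             ((20, 20, {"admin"}), False),   # now == expires_at must count as expired
             ((30, 20, {"admin"}), False),   # past expiry
             ((10, 20, {"user"}), False)]    # scope missing
    return all(fn(*args) is expected for args, expected in cases)


def mutation_run(source, suite):
    """Return (killed, survived); a mutant survives when the suite still passes on it."""
    killed, survived = [], []
    for desc, mutant in generate_mutants(source):
        (survived if suite(mutant) else killed).append(desc)
    return killed, survived


def mutation_score(source, suite):
    killed, survived = mutation_run(source, suite)
    return len(killed) / (len(killed) + len(survived))
```

The three mutants (exclusive bound made inclusive, "and" made "or", scope check inverted) are each a privilege-check bug a reviewer would care about, and a coverage report alone is blind to all of them.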
-
Ethereum-Based EtherRAT, EtherHiding Power Stealthy Malware Campaigns
Hackers are abusing the Ethereum blockchain to hide and control a new Node.js backdoor called EtherRAT, using a stealthy technique known as EtherHiding to make their command-and-control (C2) infrastructure difficult to disrupt. EtherRAT, previously profiled by Sysdig and linked to North Korean “Contagious Interview” activity, is a Node.js backdoor that lets attackers run arbitrary commands,…
-
How we made Trail of Bits AI-native (so far)
Tags: access, ai, application-security, attack, automation, blockchain, business, ceo, chatgpt, computer, computing, conference, control, data, email, germany, government, identity, injection, jobs, macOS, marketplace, nvidia, open-source, risk, service, skills, strategy, supply-chain, technology, threat, tool, vulnerability
This post is adapted from a talk I gave at [un]prompted, the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or download the slides. Most companies hand out ChatGPT licenses and wait for the productivity numbers to move. We built a system instead.…
-
Try our new dimensional analysis Claude plugin
We’re releasing a new Claude plugin for developing and auditing code that implements dimensional analysis, a technique we explored in our most recent blog post. Most LLM-based security skills ask the model to find bugs. Our new dimensional-analysis plugin for Claude Code takes a different approach: it uses the LLM to annotate your codebase with…
-
Hacker walks away with $24.5 million after breaching Resolv DeFi platform
In a message to the attacker on the blockchain, Resolv offered the person 10% of the $24.5 million in ETH if they returned the rest and ceased all further activity with the exploited funds. First seen on therecord.media Jump to article: therecord.media/hacker-breaches-resolv-defi-25-million
-
TDL 018 – How To Think, Not What To Think – Mitch Prior
Tags: access, ai, apple, attack, backup, blockchain, business, cctv, china, ciso, cloud, computer, conference, control, credentials, cvss, cyber, cybersecurity, data, defense, detection, exploit, finance, firmware, google, infrastructure, intelligence, Internet, iot, jobs, law, mail, malware, military, network, phone, privacy, resilience, risk, router, software, strategy, switch, technology, threat, tool, vulnerability, wifi, zero-trust
The Human Algorithm in a Zero-Trust World. In the latest episode of The Defender’s Log, host David Redekop sits down with cybersecurity expert Mitch Prior to discuss the intersection of high-tech security and human intuition. From their first meeting in 2018, in the early days of Zero Trust, the duo explores why the “why” behind technical…
-
Fake Windsurf IDE Extension Uses Solana Blockchain to Steal Developer Data
Cybersecurity researchers at Bitdefender have discovered a malicious Windsurf IDE extension using the Solana blockchain to steal developer credentials. First seen on hackread.com Jump to article: hackread.com/windsurf-ide-extension-solana-blockchain-developer-data/
-
ForceMemo Hijacks GitHub Accounts, Backdoors Python Repos
ForceMemo is an active software supply-chain campaign hijacking GitHub accounts and silently backdooring Python repositories via force-pushed commits that look legitimate in the web UI. It builds on GlassWorm’s stolen-token ecosystem and uses the Solana blockchain as a resilient command-and-control (C2) channel, making detection and takedown significantly harder. The attacker targets a wide range of…
-
Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse
Tags: ai, blockchain, control, exploit, infrastructure, malicious, malware, software, supply-chain, tool, update
The evolving GlassWorm: earlier research into the GlassWorm operation has revealed techniques such as heavy code obfuscation, the use of Unicode characters to hide malicious logic, and infrastructure that retrieves command-and-control servers through blockchain transactions, making the campaign more resilient to takedowns. The latest wave also mimics widely used developer tools to maximise installation chances. “The…
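An added example, not GlassWorm analysis code from the researchers quoted above: the check a registry, CI pipeline or code reviewer can run for the "Unicode characters that hide malicious logic" the entry describes. It flags characters that render as nothing (zero-width, variation selectors, tag characters, other format characters) or that reorder text (bidi controls), and separately reports long invisible runs, which is where an encoded payload would sit. The sample file is constructed; the character classes are the ones this editor would start from and are an assumption to extend for your own toolchain.

```python
"""Added example: scan source for characters that render as nothing or reorder text.
Sample file is constructed; extend the character classes for your toolchain."""
import unicodedata

BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
ZERO_WIDTH = set("\u200b\u200c\u200d\u2060\ufeff")


def classify_char(ch):
    """Reason string for a hidden or reordering character, or None for ordinary text."""
    cp = ord(ch)
    if ch in BIDI_CONTROLS:
        return "bidi control"                # can make displayed order differ from parsed order
    if ch in ZERO_WIDTH:
        return "zero-width"                  # splits an identifier without visible change
    if 0xFE00 <= cp <= 0xFE0F or 0xE0100 <= cp <= 0xE01EF:
        return "variation selector"          # invisible; long runs can carry encoded data
    if 0xE0000 <= cp <= 0xE007F:
        return "tag character"               # invisible; same trick
    cat = unicodedata.category(ch)
    if cat == "Cf":
        return "format char"
    if cat == "Cc" and ch != "\t":
        return "control char"
    return None


def scan_source(text):
    """Return [(line, col, 'U+XXXX', reason)] for every hidden character in text."""
    findings = []
    for ln, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            reason = classify_char(ch)
            if reason:
                findings.append((ln, col, f"U+{ord(ch):04X}", reason))
    return findings


def hidden_payload_runs(text, min_run=8):
    """(offset, length) of runs of consecutive invisible characters long enough to encode data."""
    runs, start = [], None
    for i, ch in enumerate(text + " "):     # sentinel terminates a trailing run
        hidden = classify_char(ch) in ("variation selector", "tag character", "zero-width")
        if hidden and start is None:
            start = i
        elif not hidden and start is not None:
            if i - start >= min_run:
                runs.append((start, i - start))
            start = None
    return runs


# Constructed sample: three ways logic hides in a file that looks clean in a diff view.
SAMPLE_SOURCE = (
    "const banner = 'ok';\n"
    "// nothing to see here" + "".join(chr(0xE0041 + i) for i in range(12)) + "\n"  # 12 invisible tag chars
    "if (user.is\u200badmin) { grant(); }\n"        # U+200B inside an identifier
    "x = 1; /*\u202e*/ y = 2;\n"                     # U+202E right-to-left override
)
```

Run this as a pre-publish gate and fail on any finding; the rare legitimate uses (emoji variation selectors in a README, BOM at file start) are easier to allowlist by path than a silent miss is to recover from.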
-
ClickFix attackers using new tactic to evade detection, says Microsoft
AppData\Local that is then invoked through cmd.exe to write a VBScript to %Temp%. The batch script is executed via cmd.exe with the /launched command-line argument, and is then executed again through MSBuild.exe, resulting in LOLBin abuse. The script connects to cryptocurrency blockchain RPC endpoints, indicating the EtherHiding technique, and also performs QueueUserAPC()-based code injection into chrome.exe…
-
What Is Address Poisoning
As cryptocurrency adoption continues to grow, so do the tactics used by cybercriminals to exploit users. One of the emerging threats in the blockchain ecosystem is address poisoning, a subtle yet highly deceptive attack designed to trick users into sending funds to fraudulent wallet addresses. Unlike traditional hacking methods that rely on breaching systems,…
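An added example, not from the article: the two checks a wallet or treasury tool can run against address poisoning. The attacker generates an address whose first and last few hex characters match a counterparty the victim already pays, plants it in the victim's history with a zero-value or dust transfer, and waits for the victim to copy it from that history after glancing at the ends. The first function finds those planted lookalikes in the transaction history; the second gates an outgoing payment on an exact match against the address book. Addresses, history and the dust threshold are constructed for the illustration.

```python
"""Added example: lookalike detection for address poisoning on EVM-style addresses.
Addresses, history and thresholds are constructed for this illustration."""
from dataclasses import dataclass

HEX = set("0123456789abcdef")


def normalize(addr):
    """Lower-cased 0x + 40 hex chars, or ValueError. EIP-55 mixed case is only a
    checksum; the comparison that matters is on the full string, never on the ends."""
    a = addr.strip().lower()
    if not (a.startswith("0x") and len(a) == 42 and set(a[2:]) <= HEX):
        raise ValueError(f"not an EVM address: {addr!r}")
    return a


def looks_alike(a, b, prefix=4, suffix=4):
    """Different addresses that agree on the leading/trailing hex a user glances at."""
    a, b = normalize(a), normalize(b)
    return a != b and a[2:2 + prefix] == b[2:2 + prefix] and a[-suffix:] == b[-suffix:]


@dataclass(frozen=True)
class Transfer:
    counterparty: str
    direction: str      # "in" or "out"
    value_wei: int


def poisoning_candidates(history, trusted, dust_wei=10**15):
    """Inbound dust from addresses mimicking a trusted counterparty: the 'poison'
    the attacker plants so the lookalike appears in the victim's own history."""
    hits = []
    for t in history:
        if t.direction != "in" or t.value_wei > dust_wei:
            continue
        for name, good in trusted.items():
            if looks_alike(t.counterparty, good):
                hits.append((normalize(t.counterparty), name))
    return hits


def check_destination(dest, trusted):
    """Gate before signing: exact match -> 'ok'; lookalike -> 'lookalike of <name>';
    otherwise 'unknown', which should require out-of-band confirmation."""
    d = normalize(dest)
    for name, good in trusted.items():
        if normalize(good) == d:
            return "ok"
    for name, good in trusted.items():
        if looks_alike(d, good):
            return f"lookalike of {name}"
    return "unknown"


# Constructed addresses: the poisoner shares the 4-char prefix and suffix with the trusted one.
TRUSTED = {"exchange-deposit": "0x1a2b" + "7f3e9c0d4b5a6e8f1c2d3e4a5b6c7d8e" + "c3d4"}
POISONER = "0x1a2b" + "00ff00ff00ff00ff00ff00ff00ff00ff" + "c3d4"
UNRELATED = "0x9999" + "11112222333344445555666677778888" + "0000"

HISTORY = [
    Transfer(TRUSTED["exchange-deposit"], "out", 5 * 10**18),   # a real payment
    Transfer(POISONER, "in", 0),                                # zero-value poison transfer
    Transfer(UNRELATED, "in", 2 * 10**18),
]
```

Wallet UIs that truncate addresses to "0x1a2b…c3d4" are exactly what this attack relies on; the fix is to copy destinations from an address book rather than from history, and to refuse to sign when the full string is not an exact match.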
-
Lazarus Group on a Blockchain Raid: How Hackers Abuse Whitelists as Targets
Check Point Software Technologies warns of a dangerous security misconception in the handling of digital assets on public blockchains. Using the North Korean “Lazarus Group” as an example, Check Point shows that whitelists serve attackers as a guide to which service providers, counterparties, or infrastructure components must be compromised in order to reach the assets. In just seven months…
-
Lazarus Group on a Blockchain Raid
Digital assets on public blockchains are considered transparent, fast, and globally accessible; at the same time, they offer attackers clear points of attack. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/lazarus-gruppe-blockchain-beutezug
-
Lazarus Group Continues Its Blockchain Raid
Every transaction should be treated as though it could be manipulated. Anyone managing large assets on public blockchains must assume that even “trusted” partners could be compromised. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/lazarus-gruppe-bleibt-weiter-auf-blockchain-beutezug/a43952/
-
Institutional DeFi: Building Secure Bridges Between Decentralized Protocols and Corporate Treasury
Institutional DeFi helps corporations improve treasury liquidity, speed cross-border settlements, and manage capital using secure permissioned blockchain protocols. First seen on hackread.com Jump to article: hackread.com/institutional-defi-secure-bridges-decentralized-protocols/
-
NDSS 2025 Siniel: Distributed Privacy-Preserving zkSNARK
Tags: blockchain, china, computer, computing, conference, cryptography, data, framework, Internet, network, oracle, privacy
Session 14B: Privacy & Cryptography 2. Authors, Creators & Presenters: Yunbo Yang (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Yuejia Cheng (Shanghai DeCareer Consulting Co., Ltd), Kailun Wang (Beijing Jiaotong University), Xiaoguo Li (College of Computer Science, Chongqing University), Jianfei Sun (School of Computing and Information Systems, Singapore Management University), Jiachen…
-
OCRFix Botnet Uses ClickFix Phishing and EtherHiding to Mask Blockchain C2 Infrastructure
OCRFix is a multi-stage botnet Trojan campaign that abuses a fake Tesseract OCR download site, ClickFix-style PowerShell execution, and EtherHiding on BNB Smart Chain to conceal a rotating blockchain-backed command infrastructure. The fake site gates content behind a bogus CAPTCHA and then instructs users to open PowerShell and paste a pre-copied command, a hallmark of…
-
Aeternum botnet hides commands in Polygon smart contracts
Aeternum botnet uses Polygon blockchain smart contracts for C&C, making its infrastructure harder to detect and disrupt. Qrator Labs researchers uncovered Aeternum, a botnet that runs its command-and-control infrastructure through smart contracts on the Polygon blockchain. By decentralizing its C2, the malware avoids traditional server-based takedowns and becomes far harder to disrupt or shut down,…
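An added example, not from any of the vendor write-ups on this page, serving the entries that share one pattern: EtherRAT's EtherHiding, the ClickFix script that "connects to blockchain RPC endpoints", OCRFix's BNB Smart Chain lookups and Aeternum's Polygon contracts all resolve their next stage or C2 by reading smart-contract state through a public JSON-RPC provider. Takedowns do not help, but the read itself is visible at the egress proxy. The hunt below keys on the JSON-RPC request body rather than the provider hostname, because providers rotate freely, and rates a scripting host or LOLBin (the ClickFix chain ran through cmd.exe and MSBuild.exe) as high severity. Browser processes get medium rather than being ignored, since that same entry injects into chrome.exe. The log format, hostnames and contract addresses are constructed; the process and method lists are this editor's starting assumptions.

```python
"""Added example: hunt egress logs for JSON-RPC chain-state reads from processes that
should not be making them. Log format, hosts and contract addresses are constructed."""
import json

# Scripting hosts and LOLBins: a chain lookup from one of these is the EtherHiding pattern.
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                "msbuild.exe", "rundll32.exe", "node.exe", "python.exe"}
# Methods that pull a payload pointer or C2 address out of contract state or event logs.
STATE_READ_METHODS = {"eth_call", "eth_getStorageAt", "eth_getLogs", "eth_getTransactionByHash"}


def parse_rpc(body):
    """(method, contract_address or None) if body is a JSON-RPC 2.0 request, else None."""
    try:
        req = json.loads(body or "")
    except ValueError:
        return None
    if not isinstance(req, dict) or req.get("jsonrpc") != "2.0" or not isinstance(req.get("method"), str):
        return None
    params = req.get("params") or []
    target = None
    if params and isinstance(params[0], dict):
        target = params[0].get("to") or params[0].get("address")       # eth_call / eth_getLogs
    elif params and isinstance(params[0], str) and req["method"] == "eth_getStorageAt":
        target = params[0]
    return req["method"], (target.lower() if isinstance(target, str) else None)


def classify(event):
    """Alert dict for a chain-state read, severity by originating process; None otherwise."""
    parsed = parse_rpc(event.get("body"))
    if parsed is None or parsed[0] not in STATE_READ_METHODS:
        return None
    method, contract = parsed
    proc = (event.get("process") or "").lower()
    return {"severity": "high" if proc in SCRIPT_HOSTS else "medium",
            "host": event.get("host"), "process": proc, "dst": event.get("dst"),
            "method": method, "contract": contract}


def hunt(lines):
    """Run classify over JSON-lines egress records; malformed lines are skipped."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue
        alert = classify(event)
        if alert:
            alerts.append(alert)
    return alerts


def pivot_contracts(alerts):
    """Contract addresses to look up on a block explorer and to block at the proxy."""
    return {a["contract"] for a in alerts if a["contract"]}


# Constructed sample egress log, one JSON object per line.
C2_CONTRACT = "0x" + "deadbeef" * 5
WALLET_CONTRACT = "0x" + "cafebabe" * 5


def _event(host, process, dst, body):
    return json.dumps({"ts": "2026-04-21T10:00:00Z", "host": host,
                       "process": process, "dst": dst, "body": body})


def _rpc(method, params):
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": params})


SAMPLE_LOG = [
    _event("ws-042", "powershell.exe", "rpc.example-chain.net",
           _rpc("eth_call", [{"to": C2_CONTRACT, "data": "0x0a0b0c0d"}, "latest"])),  # placeholder calldata
    _event("ws-042", "chrome.exe", "rpc.example-chain.net", _rpc("eth_blockNumber", [])),
    _event("ws-017", "chrome.exe", "rpc.example-chain.net",
           _rpc("eth_call", [{"to": WALLET_CONTRACT, "data": "0x70a08231"}, "latest"])),  # ERC-20 balanceOf
    _event("ws-017", "curl.exe", "api.github.com", "not json at all"),
]
```

The contract address recovered from the eth_call "to" field is the durable indicator: the attacker can change RPC providers and rotate the value stored in the contract, but the contract itself is what the implant is hard-coded to read, so it is the thing to block and to watch for across the fleet.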