Tag: blockchain
-
GoBruteforcer Botnet Targets Crypto Project Databases by Exploiting Weak Credentials
A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that’s capable of brute-forcing user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers.”The current wave of campaigns is driven by two factors: the mass reuse of AI-generated server deployment examples…
-
Cybercriminal Crypto Transactions Surge to 2025 High
Illicit cryptocurrency transactions reached unprecedented levels in 2025 as nation-states weaponized digital assets to evade sanctions, transforming the cybercrime landscape into a geopolitical battleground with record-breaking financial volumes. According to blockchain analysis data, illicit cryptocurrency addresses received at least $154 billion in 2025, representing a 162% year-over-year increase that establishes a new benchmark for digital finance. Illicit cryptocurrency transactions…
-
New GoBruteforcer attack wave targets crypto, blockchain projects
A new wave of GoBruteforcer botnet malware attacks is targeting databases of cryptocurrency and blockchain projects on exposed servers believed to be configured using AI-generated examples. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-gobruteforcer-attack-wave-targets-crypto-blockchain-projects/
-
Das Prinzip ‘Protected Self-Custody” der Sqares AG – Ein Wegwerf-Wallet für die Blockchain
Tags: blockchainFirst seen on security-insider.de Jump to article: www.security-insider.de/ein-wegwerf-wallet-fuer-die-blockchain-a-0f4d2dc7318dda623029a80841d0ef50/
-
Hackers Steal $35M in Cryptocurrency Following LastPass Breach
Tags: attack, blockchain, breach, crypto, cyber, cybercrime, data-breach, encryption, hacker, intelligence, password, russiaRussian cybercriminals have laundered over $35 million in stolen cryptocurrency linked to the devastating 2022 LastPass breach, according to new forensic analysis by blockchain intelligence firm TRM Labs. The 2022 attack exposed encrypted password vaults belonging to roughly 30 million customers worldwide. While the vaults were initially protected by encryption, attackers who downloaded them could…
-
SlowMist Flags Potential Security Risk at HitBTC Exchange
A newly disclosed security warning has drawn attention to potential risks at the HitBTC Exchange after blockchain security firm SlowMist reported identifying a potentially critical vulnerability on the platform. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/hitbtc-exchange-critical-security-warning/
-
NDSS 2025 A New PPML Paradigm For Quantized Models
Session 7D: ML Security Authors, Creators & Presenters: Tianpei Lu (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Bingsheng Zhang (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Xiaoyuan Zhang (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Kui Ren (The State Key Laboratory of Blockchain…
-
Cryptocurrency theft attacks traced to 2022 LastPass breach
Blockchain investigation firm TRM Labs says ongoing cryptocurrency thefts have been traced to the 2022 LastPass breach, with attackers draining wallets years after encrypted vaults were stolen and laundering the crypto through Russian exchanges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cryptocurrency-theft-attacks-traced-to-2022-lastpass-breach/
-
Stolen LastPass backups enable crypto theft through 2025
Stolen vault backups from the 2022 LastPass breach are still being cracked, allowing attackers to steal crypto as late as 2025. The blockchain intelligence firm TRM Labs warns that encrypted vault backups stolen in the 2022 LastPass breach are still being cracked using weak master passwords, enabling crypto theft as late as 2025. In 2022,…
-
Hackers Compromise Trust Wallet Chrome Extension, Users Claim Millions Stolen
Trust Wallet users suffered devastating losses exceeding $7 million after cybercriminals compromised the Chrome browser extension version 2.68.0, released on December 24, 2025. The breach, which targeted desktop users exclusively, left hundreds of wallets completely drained within hours of the malicious update’s deployment. Blockchain investigator ZachXBT initially flagged the incident on the social media platform…
-
LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds
Tags: backup, blockchain, breach, crypto, cybercrime, data, data-breach, intelligence, password, russia, theftThe encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs.The blockchain intelligence firm said evidence points to the involvement of Russian cybercriminal actors…
-
LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds
Tags: backup, blockchain, breach, crypto, cybercrime, data, data-breach, intelligence, password, russia, theftThe encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master passwords to crack them open and drain cryptocurrency assets as recently as late 2025, according to new findings from TRM Labs.The blockchain intelligence firm said evidence points to the involvement of Russian cybercriminal actors…
-
NDSS 2025 Mysticeti: Reaching The Latency Limits With Uncertified DAGs
Session 7A: Network Security 2 Authors, Creators & Presenters: Kushal Babel (Cornell Tech & IC3), Andrey Chursin (Mysten Labs), George Danezis (Mysten Labs & University College London (UCL)), Anastasios Kichidis (Mysten Labs), Lefteris Kokoris-Kogias (Mysten Labs & IST Austria), Arun Koshy (Mysten Labs), Alberto Sonnino (Mysten Labs & University College London (UCL)), Mingwei Tian (Mysten…
-
SEC Files Charges Over $14 Million Crypto Scam Using Fake AI-Themed Investment Tips
The U.S. Securities and Exchange Commission (SEC) has filed charges against multiple companies for their alleged involvement in an elaborate cryptocurrency scam that swindled more than $14 million from retail investors.The complaint charged crypto asset trading platforms Morocoin Tech Corp., Berge Blockchain Technology Co., Ltd., and Cirkor Inc., as well as investment clubs AI Wealth…
-
The Asset Layer of the Web: Tokenization Is Becoming Finance’s New Backend Infrastructure
Crypto’s public image lagged reality. Stablecoins, tokenization, and regulation now power a blockchain backend settling global finance at institutional scale. First seen on hackread.com Jump to article: hackread.com/asset-layer-web-tokenization-backend-infrastructure/
-
LLMs work better together in smart contract audits
Smart contract bugs continue to drain real money from blockchain systems, even after years of tooling and research. A new academic study suggests that large language models … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/19/llmbugscanner-llm-smart-contract-auditing/
-
Blockchain company Nomad to repay users under FTC deal after $186M cyberattack
Regulator makes various additional demands over alleged cybersecurity failings First seen on theregister.com Jump to article: www.theregister.com/2025/12/17/nomad_ftc_settlement/
-
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
-
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
-
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
-
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
-
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue.GlassWorm was first documented in October 2025, detailing its use of the Solana blockchain for command-and-control (C2) and…
-
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue.GlassWorm was first documented in October 2025, detailing its use of the Solana blockchain for command-and-control (C2) and…
-
Volle Datenhoheit für Nutzer: Dwinity launcht unknackbare Blockchain-Cloud
Während herkömmliche Cloud-Dienste zentrale Server nutzen und damit potenzielle Angriffsflächen bieten , verfolgt Dwinity einen konsequent dezentralen Ansatz. Dateien werden beim Hochladen in Fragmente zerlegt, verschlüsselt und anschließend auf viele unabhängige Knoten (‘Nodes”) im Netzwerk verteilt. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/volle-datenhoheit-fuer-nutzer-dwinity-launcht-unknackbare-blockchain-cloud/a43002/
-
From code to boardroom: A GenAI GRC approach to supply chain risk
Tags: ai, blockchain, business, ciso, compliance, dark-web, data, defense, finance, framework, gartner, grc, intelligence, LLM, metric, open-source, regulation, resilience, risk, strategy, supply-chain, threat, vulnerabilityThe GenAI GRC mandate: From reporting to prediction: To counter a threat that moves at the speed of computation, our GRC must also become generative and predictive. The GenAI GRC mandate is to shift the focus from documenting compliance to predicting systemic failure.Current GRC methods are designed for documentation. They verify that a policy exists.…
-
From code to boardroom: A GenAI GRC approach to supply chain risk
Tags: ai, blockchain, business, ciso, compliance, dark-web, data, defense, finance, framework, gartner, grc, intelligence, LLM, metric, open-source, regulation, resilience, risk, strategy, supply-chain, threat, vulnerabilityThe GenAI GRC mandate: From reporting to prediction: To counter a threat that moves at the speed of computation, our GRC must also become generative and predictive. The GenAI GRC mandate is to shift the focus from documenting compliance to predicting systemic failure.Current GRC methods are designed for documentation. They verify that a policy exists.…
-
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits
Tags: apt, attack, blockchain, crypto, cyber, exploit, finance, framework, group, healthcare, infrastructure, intelligence, korea, lazarus, military, north-korea, threat, zero-dayNorth Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure worldwide, with attacks targeting the military, financial, blockchain, energy, and healthcare sectors across the United…
-
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits
Tags: apt, attack, blockchain, crypto, cyber, exploit, finance, framework, group, healthcare, infrastructure, intelligence, korea, lazarus, military, north-korea, threat, zero-dayNorth Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure worldwide, with attacks targeting the military, financial, blockchain, energy, and healthcare sectors across the United…
-
CredShields Joins Forces with Checkmarx to Bring Smart Contract Security to Enterprise AppSec Programs
Singapore, Singapore, November 19th, 2025, CyberNewsWire The collaboration advances enterprise grade application security into decentralized ecosystems, uniting Checkmarx’s AppSec expertise with Web3 specialization by CredShields. CredShields, a leading Web3 security firm, has partnered with Checkmarx, the global leader in agentic AI-powered application security testing, to work with AI-driven smart contract audits, vulnerability research, and blockchain…