Tag: blockchain
-
North Korean Hackers Exploit Zoom Invites in Attacks on Crypto Companies
Tags: attack, blockchain, crypto, cyber, cybersecurity, data-breach, exploit, hacker, jobs, malware, north-korea, phishing, spear-phishing, tactics, threatCybersecurity firm SentinelOne has exposed an ongoing malware campaign orchestrated by North Korean threat actors, known for their persistent >>fake interview
-
MITRE Launches AADAPT Framework to Counter Real-World Attacks on Digital Asset Systems
The MITRE Corporation has unveiled its comprehensive AADAPT framework (Adversarial Actions in Digital Asset Payment Technologies), a specialized knowledge base designed to catalog and counter sophisticated attacks targeting digital asset management systems, cryptocurrency exchanges, and blockchain infrastructure. The framework represents a significant advancement in cybersecurity defense for the rapidly evolving digital asset sector. Modeled after…
-
Hacker Returns $42 Million in Stolen Crypto in Exchange for $5 Million Bounty
A security flaw in the GMX V1 software was made public, causing a significant upheaval in the decentralized finance (DeFi) ecosystem and forcing immediate action to protect user assets. GMX, a prominent perpetual futures trading platform built on blockchain technology, relies on its V1 protocol for liquidity provision through its GLP (GMX Liquidity Provider) token.…
-
Weaponized AI Extension Used by Hackers to Swipe $500,000 in Crypto
Tags: ai, attack, blockchain, crypto, cyber, cyberattack, cybersecurity, hacker, malicious, open-source, russia, toolA Russian blockchain engineer lost over $500,000 in cryptocurrency holdings in June 2025 after being the victim of a carefully planned cyberattack, serving as a terrifying reminder of the perils that might exist in open-source ecosystems. The attack, investigated by cybersecurity experts, revealed the use of a malicious extension disguised as a legitimate tool for…
-
Supply Chain Attack Unleashed via Compromised VS Code Extension
Tags: attack, blockchain, crypto, cyber, github, malicious, open-source, software, supply-chain, threat, toolA sophisticated supply chain attack targeting cryptocurrency developers through the compromise of ETHcode, a legitimate Visual Studio Code extension with nearly 6,000 installations. The attack, executed through a malicious GitHub pull request, demonstrates how threat actors can weaponize trusted development tools using minimal code changes, raising serious concerns about open-source software security in the blockchain…
-
The trust crisis in the cloud”¦and why blockchain deserves a seat at the table
Tags: access, blockchain, breach, cloud, compliance, control, credentials, crypto, data, data-breach, framework, gartner, iam, identity, infrastructure, jobs, risk, threat, tool, zero-trustLimited visibility and tamperable logs. Cloud providers manage logs and telemetry internally. As tenants, we often depend on them to provide logs after an incident without a guarantee of tamper-proof integrity. This lack of transparency hampers forensic investigations and incident response.Privilege concentration and insider risk. CSP administrators often hold elevated access privileges, making them single…
-
The trust crisis in the cloud”¦and why blockchain deserves a seat at the table
Tags: access, blockchain, breach, cloud, compliance, control, credentials, crypto, data, data-breach, framework, gartner, iam, identity, infrastructure, jobs, risk, threat, tool, zero-trustLimited visibility and tamperable logs. Cloud providers manage logs and telemetry internally. As tenants, we often depend on them to provide logs after an incident without a guarantee of tamper-proof integrity. This lack of transparency hampers forensic investigations and incident response.Privilege concentration and insider risk. CSP administrators often hold elevated access privileges, making them single…
-
Drei zentrale Cybersicherheitsrisiken von Quantencomputing
Heute verschlüsselte Daten, die künftig entschlüsselt werden könnten. Manipulation der Blockchain. Quantenresistente Ransomware. Es ist eines der drängendsten technologischen Themen der kommenden Dekade: die zunehmende Relevanz von Quantencomputern und deren mögliche Auswirkungen auf die digitale Sicherheit. Als Cybersicherheitsrisiken gelten verschlüsselte Daten, die künftig entschlüsselt werden könnten, Manipulation der Blockchain und quantenresistente Ransomware. Klassische Computer stoßen……
-
LLMs are guessing login URLs, and it’s a cybersecurity time bomb
Tags: ai, api, blockchain, cybersecurity, data, github, LLM, login, malicious, monitoring, office, risk, supply-chain, trainingGithub poisoning for AI training: Not all hallucinated URLs were unintentional. In an unrelated research, Netcraft found evidence of attackers deliberately poisoning AI systems by seeding GitHub with malicious code repositories.”Multiple fake GitHub accounts shared a project called Moonshot-Volume-Bot, seeded across accounts with rich bios, profile images, social media accounts and credible coding activity,” researchers…
-
Bitcoin-Treasury-Audits, Blockchain und Zero-Knowledge Proofs: Warum Technologie allein regulatorische Nachweispflichten nicht erfüllt
www.pexels.com/de-de/foto/schachteln-wahlen-kennzeichen-wahl-8850706/ Blockchain-Technologien werden vielfach als Werkzeuge für eine neue Ära der Transparenz gesehen. Sie gelten als Grundlage für nachvollziehbare Transaktionen, fälschungssichere Daten und flexible Infrastrukturen, die sich dynamisch an neue regulatorische Anforderungen anpassen. Insbesondere Finanz-Startups setzen auf diese Technologien, um mit schlanken Architekturen komplexen gesetzlichen Vorgaben zu genügen. Ein aktueller Fall führt jedoch vor Augen,……
-
DOJ moves to seize $225 million in crypto stolen by scammers
A civil forfeiture complaint was filed in U.S. District Court for the District of Columbia this week, where investigators from the FBI and U.S. Secret Service said they used blockchain analysis to trace the funds back to fraud schemes perpetrated by actors in the Philippines. First seen on therecord.media Jump to article: therecord.media/doj-moves-to-seize-225-million-in-stolen-crypto
-
N. Korean Hackers Use PylangGhost Malware in Fake Crypto Job Scam
North Korean hackers deploy PylangGhost malware through fake crypto job interviews targeting blockchain professionals with phishing and remote access tools. First seen on hackread.com Jump to article: hackread.com/n-korean-hackers-pylangghost-malware-crypo-job-scam/
-
New quantum system offers publicly verifiable randomness for secure communications
Tags: blockchain, communications, crypto, cyber, cybersecurity, docker, email, finance, government, Hardware, infrastructure, open-source, software, technology, threat, toolNature and detailed in an accompanying arXiv preprint, CURBy leverages the phenomenon of quantum entanglement, where particles maintain interconnected states regardless of distance, to create fundamentally unpredictable outputs.”From a security perspective, this approach offers something valuable the ability to independently verify that random numbers haven’t been compromised,” noted Narayan Gokhale, vice president at QKS Group.…
-
Unmasking the silent saboteur you didn’t know was running the show
Tags: 5G, access, ai, api, attack, authentication, backup, blockchain, breach, ciso, cloud, compliance, control, cybersecurity, data, defense, endpoint, firewall, firmware, GDPR, governance, Hardware, incident response, iot, ISO-27001, login, malicious, network, nis-2, PCI, service, siem, supply-chain, threat, zero-trustCybersecurity depends on accurate clocks : Your logs are only as valuable as your clocks are accurate. If your servers are out of sync, forget to reconstruct timelines. You’ll spend hours chasing phantom alerts. Event correlation and forensics Your SIEM is only as good as the timestamps it gets. Correlating events across endpoints, firewalls and cloud…
-
Threat Actor Bribes Overseas Support Agents to Steal Coinbase Customer Data
On May 15, 2025, Coinbase, the largest U.S. cryptocurrency exchange, publicly disclosed a major security breach that exposed the sensitive personal data of 69,461 users”, less than 1% of its monthly transacting base, but a significant figure given the depth of information compromised. This incident was not a typical crypto hack exploiting blockchain vulnerabilities; instead,…
-
Zero-Knowledge-Protokoll: Was Sie über zk-SNARK wissen sollten
Zero-Knowledge-Protokolle wie zk-SNARK nutzen die kleinstmögliche Informationsmenge zur Authentifizierung.Unter den Zero-Knowledge-Protokollen nimmt zk-SNARK (Zero-knowledge succinct non-interactive argument or knowledge) eine Sonderrolle ein es ist das populärste. Weil Zero-Knowledge-Systeme die Art und Weise, wie Authentifizierung funktioniert, revolutionieren könnten, gewinnen sie zunehmend an Bedeutung, während sie sich stetig weiterentwickeln. Die Mathematik, die hinter diesen Systemen und Protokollen…
-
Weaponized PyPI Package Executes Supply Chain Attack to Steal Solana Private Keys
A chilling discovery by Socket’s Threat Research Team has exposed a meticulously crafted supply chain attack on the Python Package Index (PyPI), orchestrated by a threat actor using the alias >>cappership.
-
Why privacy in blockchain must start with open source
Traditionally, trust came from centralized institutions. Banks, payment networks, and clearinghouses are closed systems. Users cannot see the inner workings, but they rely on … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/30/open-source-blockchain-privacy/
-
Top 12 US cities for cybersecurity job and salary growth
Tags: access, ai, apple, attack, blockchain, business, country, crowdstrike, cyber, cybersecurity, data, defense, finance, fintech, government, group, infrastructure, insurance, iot, jobs, metric, microsoft, nvidia, office, okta, privacy, software, startup, strategy, supply-chain, technology, training, warfareWhile major hubs like San Francisco naturally come to mind, and perform well based on the metrics we evaluated, there are many lesser-known cities that may be just as promising, if not more. These emerging destinations can offer easier access to job opportunities, more sustainable career paths, higher pay, and a lower cost of living.Here’s…
-
DPRK IT Workers Impersonate Polish and US Nationals to Secure Full-Stack Developer Positions
A alarming cybersecurity report by Nisos has uncovered a sophisticated employment scam network potentially affiliated with the Democratic People’s Republic of Korea (DPRK). This network targets remote engineering and full-stack blockchain developer roles by impersonating Polish and US nationals. The threat actors behind this operation employ a range of deceptive tactics, including the use of…
-
Coinbase Extorted, Offers $20M for Info on Its Hackers
Coinbase is going Liam Neeson on its attackers, potentially setting a new precedent for incident response in the wake of crypto- and blockchain-targeting cyberattacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/coinbase-extorted-20m-hackers
-
Sophos X-Ops Analyse: So waschen Cyberkriminelle ihre erbeuteten Krypto-Millionen
Die Erkenntnisse stammen aus einer mehrmonatigen Analyse von Sophos X-Ops. Die Experten haben Bewegungen auf Darknet-Marktplätzen, Blockchain-Transaktionen und öffentliche Unternehmensdaten ausgewertet. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-x-ops-analyse-so-waschen-cyberkriminelle-ihre-erbeuteten-krypto-millionen/a40816/
-
Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering
Tags: blockchain, china, crime, crypto, data, data-breach, korea, marketplace, north-korea, scam, technologyA Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee.According to a report published by blockchain analytics firm Elliptic, merchants on the marketplace have been found to peddle technology, personal data, and money laundering…
-
Weaponized PyPI Package Targets Developers to Steal Source Code
Security researchers at RL have discovered a malicious Python package called >>solana-token
-
Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets.The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times.…
-
Deepfake attacks are inevitable. CISOs can’t prepare soon enough.
Tags: advisory, ai, attack, authentication, awareness, blockchain, business, ciso, compliance, control, cybersecurity, data, deep-fake, defense, detection, espionage, finance, fraud, governance, grc, identity, incident response, jobs, law, mfa, north-korea, password, privacy, resilience, risk, scam, software, strategy, tactics, technology, threat, tool, training, updateReal-world fabrications: Even security vendors have been victimized. Last year, the governance risk and compliance (GRC) lead at cybersecurity company Exabeam was hiring for an analyst, and human resources (HR) qualified a candidate that looked very good on paper with a few minor concerns, says Kevin Kirkwood, CISO.”There were gaps in how the education represented…
-
Nomad Bridge Hacker Apprehended in Connection with $190 Million Heist
Alexander Gurevich, a 47-year-old dual Russian-Israeli citizen, was arrested last Thursday at Ben-Gurion Airport while attempting to flee to Russia under a new identity. Gurevich is the primary suspect in the 2022 Nomad Bridge hack that resulted in approximately $190 million in stolen cryptocurrency, marking one of the largest blockchain security breaches that year. Israeli…