Tag: blockchain
-
Spam flooding npm registry with token stealers still isn’t under control
Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, spam, supply-chain, threat, tool, wormCSO that number has now grown to 153,000.And while this payload merely steals tokens, other threat actors are paying attention, said Sonatype CTO Brian Fox.When Sonatype wrote about the campaign just over a year ago, it found a mere 15,000 packages that appeared to come from a single person.With the swollen numbers reported this week,…
-
Worm flooding npm registry with token stealers still isn’t under control
Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, supply-chain, threat, tool, wormCSO that number has now grown to 153,000.”It’s unfortunate that the worm isn’t under control yet,” said Sonatype CTO Brian Fox.And while this payload merely steals tokens, other threat actors are paying attention, he predicted.”I’m sure somebody out there in the world is looking at this massively replicating worm and wondering if they can ride…
-
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain
Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users’ seed phrases.The name of the extension is “Safery: Ethereum Wallet,” with the threat actor describing it as a “secure wallet for managing Ethereum cryptocurrency with flexible settings.” It was uploaded to the Chrome Web…
-
Malicious Chrome Extension Grants Full Control Over Ethereum Wallet
Security researchers have uncovered a sophisticated supply chain attack disguised as a legitimate cryptocurrency wallet. Socket’s Threat Research Team discovered a malicious Chrome extension called >>Safery: Ethereum Wallet,
-
How GlassWorm wormed its way back into developers’ code, and what it says about open source security
Tags: access, ai, attack, blockchain, ciso, control, credentials, crypto, cybersecurity, data, data-breach, endpoint, exploit, framework, github, google, infrastructure, law, malicious, malware, marketplace, monitoring, open-source, resilience, service, software, supply-chain, threat, tool, update, wormadhamu.history-in-sublime-merge (downloaded 4,000 times)ai-driven-dev.ai-driven-dev (downloaded 3,300 times)yasuyuky.transient-emacs (downloaded 2,400 times)All three GlassWorm extensions are “still literally invisible” in code editors, the researchers note. They are encoded in unprintable Unicode characters that look like blank space to the human eye, but execute as JavaScript.The attackers have posted new transactions to the Solana blockchain that outline updated…
-
How GlassWorm wormed its way back into developers’ code, and what it says about open source security
Tags: access, ai, attack, blockchain, ciso, control, credentials, crypto, cybersecurity, data, data-breach, endpoint, exploit, framework, github, google, infrastructure, law, malicious, malware, marketplace, monitoring, open-source, resilience, service, software, supply-chain, threat, tool, update, wormadhamu.history-in-sublime-merge (downloaded 4,000 times)ai-driven-dev.ai-driven-dev (downloaded 3,300 times)yasuyuky.transient-emacs (downloaded 2,400 times)All three GlassWorm extensions are “still literally invisible” in code editors, the researchers note. They are encoded in unprintable Unicode characters that look like blank space to the human eye, but execute as JavaScript.The attackers have posted new transactions to the Solana blockchain that outline updated…
-
Crypto-less Crypto Investment Scams: A California Case
Tags: access, apt, blockchain, breach, business, china, communications, control, crime, crypto, cybercrime, data, email, finance, group, intelligence, international, jobs, network, office, organized, scam, theft, tool, usaMy readers will know by now that I am addicted to PACER – the Public Access to Court Electronic Records. When I see headlines like this one, I am compelled to dive in and read every publicly released document related to the case. USAO Central California The headline last month was that Shengsheng He, a…
-
Crypto-less Crypto Investment Scams: A California Case
Tags: access, apt, blockchain, breach, business, china, communications, control, crime, crypto, cybercrime, data, email, finance, group, intelligence, international, jobs, network, office, organized, scam, theft, tool, usaMy readers will know by now that I am addicted to PACER – the Public Access to Court Electronic Records. When I see headlines like this one, I am compelled to dive in and read every publicly released document related to the case. USAO Central California The headline last month was that Shengsheng He, a…
-
Balancer hack analysis and guidance for the DeFi ecosystem
Tags: access, attack, blockchain, control, crypto, exploit, finance, flaw, guide, intelligence, monitoring, oracle, radius, risk, software, strategy, threat, tool, update, vulnerabilityTL;DR The root cause of the hack was a rounding direction issue that had been present in the code for many years. When the bug was first introduced, the threat landscape of the blockchain ecosystem was significantly different, and arithmetic issues in particular were not widely considered likely vectors for exploitation. As low-hanging attack paths…
-
Checkpoint Analysis: Dissecting the $128M Balancer Pool Drain in Under 30 Minutes
In the early hours of November 3, 2025, Check Point Research’s blockchain threat monitoring systems flagged a suspicious pattern on the Ethereum mainnet. The alert stemmed from Balancer V2’s Vault contract, which soon revealed one of the most devastating DeFi vulnerabilities to date. Before defenders could intervene, attackers had siphoned $128.64 million from Balancer ComposableStablePool…
-
Checkpoint Analysis: Dissecting the $128M Balancer Pool Drain in Under 30 Minutes
In the early hours of November 3, 2025, Check Point Research’s blockchain threat monitoring systems flagged a suspicious pattern on the Ethereum mainnet. The alert stemmed from Balancer V2’s Vault contract, which soon revealed one of the most devastating DeFi vulnerabilities to date. Before defenders could intervene, attackers had siphoned $128.64 million from Balancer ComposableStablePool…
-
Dynamische Datensperren Wie KI und Blockchain Governance neu definieren
www.pexels.com/de-de/foto/abstrakt-technologie-forschung-digital-17485707/ Die klassische Welt der Datenhaltung kennt zentrale Datenbanken, Sperr- oder Negativlisten und manuelle Prozesse für Widerruf oder Löschung. Doch im Zeitalter von künstlicher Intelligenz und Blockchain- bzw. Distributed-Ledger-Technologien verändert sich das Fundament von Speicherung, Nutzung und Kontrolle personenbezogener Daten grundlegend. Statt rein zentral gesteuerter Sperrmechanismen entstehen Architekturen aus dezentraler, kryptografisch gestützter Zugriffskontrolle, ergänzt durch……
-
Dynamische Datensperren Wie KI und Blockchain Governance neu definieren
www.pexels.com/de-de/foto/abstrakt-technologie-forschung-digital-17485707/ Die klassische Welt der Datenhaltung kennt zentrale Datenbanken, Sperr- oder Negativlisten und manuelle Prozesse für Widerruf oder Löschung. Doch im Zeitalter von künstlicher Intelligenz und Blockchain- bzw. Distributed-Ledger-Technologien verändert sich das Fundament von Speicherung, Nutzung und Kontrolle personenbezogener Daten grundlegend. Statt rein zentral gesteuerter Sperrmechanismen entstehen Architekturen aus dezentraler, kryptografisch gestützter Zugriffskontrolle, ergänzt durch……
-
Explainable Trustworthy AI in Healthcare Analytics: How Blockchain and XAI Are Powering 2026’s Next Wave
Every healthcare CEO and CTO is asking the same question in 2025 and for 2026, “Can I trust what my AI just told me?” Artificial…Read More First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/10/explainable-trustworthy-ai-in-healthcare-analytics-how-blockchain-and-xai-are-powering-2026s-next-wave/
-
Explainable Trustworthy AI in Healthcare Analytics: How Blockchain and XAI Are Powering 2026’s Next Wave
Every healthcare CEO and CTO is asking the same question in 2025 and for 2026, “Can I trust what my AI just told me?” Artificial…Read More First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/10/explainable-trustworthy-ai-in-healthcare-analytics-how-blockchain-and-xai-are-powering-2026s-next-wave/
-
Researchers Expose GhostCall and GhostHire: BlueNoroff’s New Malware Chains
Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire.According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster called…
-
BlueNoroff Shifts Tactics: Targets C-Suite and Managers with New Infiltration Methods
The North Korean-linked threat group BlueNoroff, also known by aliases including Sapphire Sleet, APT38, and Alluring Pisces, continues to evolve its attack tactics while maintaining its primary focus on financial gain. The group has shifted its strategy to employ sophisticated new infiltration methods targeting high-value victims including C-level executives, managers, and blockchain developers within the…
-
Samsung Knox Matrix und Knox Vault Transparente IT-Sicherheit
Erfahren Sie, wie Samsung in Zusammenarbeit mit dem BSI die IT-Sicherheit smarter Geräte kontinuierlich stärkt und so das Vertrauen der Verbraucher gewinnt. Tuncay Sandikci, Director MX B2B bei Samsung, erläutert die neuesten Entwicklungen wie Samsung Knox Matrix. Die Lösung basiert auf Blockchain-Technologie und nutzt moderne Schutzverfahren wie Post-Quantum-Kryptografie, um geräteübergreifenden Echtzeitschutz zu ermöglichen. First seen…
-
GlassWorm Malware Targets Developers Through OpenVSX Marketplace
GlassWorm, a self-propagating malware, infects VS Code extensions through the OpenVSX marketplace, stealing credentials and using blockchain for control. First seen on hackread.com Jump to article: hackread.com/glassworm-malware-developers-openvsx-marketplace/
-
CAASM and EASM: Top 12 attack surface discovery and management tools
Tags: access, ai, api, attack, automation, blockchain, business, cloud, control, corporate, credentials, cyber, cybersecurity, dark-web, data, data-breach, detection, dns, endpoint, exploit, framework, guide, hacking, HIPAA, incident response, infrastructure, intelligence, Internet, leak, marketplace, microsoft, monitoring, network, open-source, PCI, risk, risk-assessment, service, soc, software, supply-chain, technology, threat, tool, update, vulnerabilityCAASM and EASM tools for attack surface discovery and management: Periodic scans of the network are no longer sufficient for maintaining a hardened attack surface. Continuous monitoring for new assets and configuration drift are critical to ensure the security of corporate resources and customer data.New assets need to be identified and incorporated into the monitoring…
-
Dead-Drop Resolvers: Malware’s Quiet Rendezvous and Why Adaptive Defense Matters
At this weekend’s BSides NYC, Dr. Jonathan Fuller, CISO of the U.S. Military Academy at West Point, delivered an extremely clear talk on how modern malware hides its command-and-control (C2) infrastructure through dead-drop resolvers. Fuller, who co-authored Georgia Tech’s VADER project, described how adversaries increasingly use public platforms-GitHub, Dropbox, Pastebin, even blockchain transactions-as-covert meeting points…
-
Self-propagating worm found in marketplaces for Visual Studio Code extensions
Tags: access, application-security, attack, backdoor, backup, best-practice, blockchain, breach, ciso, control, credentials, crime, crypto, cyber, data, data-breach, endpoint, framework, github, gitlab, google, government, identity, incident response, infrastructure, intelligence, least-privilege, login, malicious, malware, marketplace, network, open-source, resilience, risk, sans, security-incident, software, supply-chain, threat, tool, update, wormMarketplaces targeted: The Koi Security report is the latest in a series of warnings that threat actors are increasingly targeting VS Code marketplaces in supply chain attacks. Last week, Koi Security exposed a threat actor dubbed TigerJack spreading malicious extensions. And researchers at Wiz just published research showing the widespread abuse of the OpenVSX and…
-
Why Banks Are Embracing Blockchain They Once Rejected
Blockchain has finally made its way into traditional banking. For years, major banks wrote it off as a… First seen on hackread.com Jump to article: hackread.com/why-banks-embrace-blockchain-once-rejected/
-
The Unkillable Threat: How Attackers Turned Blockchain Into Bulletproof Malware Infrastructure
The blockchain was supposed to revolutionize trust. Instead, it’s revolutionizing cybercrime. Every foundational principle that makes blockchain technology secure”, decentralization, immutability, global accessibility”, has been systematically inverted by sophisticated threat actors into the most resilient malware delivery system ever created. Welcome to the era of EtherHiding, where malicious code lives forever on public ledgers, protected…
-
White Label Crypto Bank Solutions: Building Digital Banking for the Blockchain Era
The growing demand for crypto-friendly financial services has accelerated the rise of white-label crypto bank solutions. These ready-made… First seen on hackread.com Jump to article: hackread.com/white-label-crypto-bank-solutions-blockchain-era/
-
White Label Crypto Bank Solutions: Building Digital Banking for the Blockchain Era
The growing demand for crypto-friendly financial services has accelerated the rise of white-label crypto bank solutions. These ready-made… First seen on hackread.com Jump to article: hackread.com/white-label-crypto-bank-solutions-blockchain-era/
-
North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2
The post North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2 appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-unc5342-apt-uses-etherhiding-to-store-malware-in-blockchain-smart-contracts-for-stealthy-c2/
-
Nordkorea setzt auf Blockchain: Staatshacker nutzen >>EtherHiding<<
Die Google Threat Intelligence Group hat eine neuartige Angriffsmethode nordkoreanischer Hacker dokumentiert. Erstmals nutzt eine staatlich geförderte Gruppe dezentrale Blockchains, um Malware-Befehle zu verschleiern eine Technik, die sich kaum unterbinden lässt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/nordkorea-setzt-auf-blockchain-staatshacker-nutzen-etherhiding