Tag: crypto
-
Crypto Roundup: Malicious Firefox Extensions
Also: Winkle Abduction Sentencing and Crypto Theft Rising. This week, uncovering 40 malicious crypto Firefox extensions, three sentenced in a Belgium court for crypto kidnapping, the rise of crypto theft. The U.S. Secret Service is a huge crypto custodian, and prosecutors claw back funds pilfered by a fake presidential inaugural committee. First seen on govinfosecurity.com…
-
Weaponized AI Extension Used by Hackers to Swipe $500,000 in Crypto
Tags: ai, attack, blockchain, crypto, cyber, cyberattack, cybersecurity, hacker, malicious, open-source, russia, toolA Russian blockchain engineer lost over $500,000 in cryptocurrency holdings in June 2025 after being the victim of a carefully planned cyberattack, serving as a terrifying reminder of the perils that might exist in open-source ecosystems. The attack, investigated by cybersecurity experts, revealed the use of a malicious extension disguised as a legitimate tool for…
-
Most Cryptocurrency Stocks Are Rising. Join ALR MINER And Earn $8,700 In BTC Every Day
Now, many global cryptocurrency investors view Bitcoin as a financial product for long-term investment rather than a simple speculative product. At the same time, the continued rise in Bitcoin prices reflects the shift in market sentiment and the recent important victory of the Stablecoin Act, which marks a more favorable regulatory environment for cryptocurrencies. Now,…
-
At last, a use case for AI agents with sky-high ROI: Stealing crypto
Boffins outsmart smart contracts with evil automation First seen on theregister.com Jump to article: www.theregister.com/2025/07/10/ai_agents_automatically_steal_cryptocurrency/
-
Hackers Exploit GeoServer RCE Flaw to Deploy Cryptocurrency Miners
Tags: attack, crypto, cve, cyber, data, exploit, flaw, hacker, intelligence, open-source, rce, remote-code-execution, threat, vulnerabilityThe AhnLab Security Intelligence Center (ASEC) has confirmed that unpatched GeoServer instances are still facing relentless attacks by threat actors exploiting a critical Remote Code Execution (RCE) vulnerability, identified as CVE-2024-36401. GeoServer, an open-source Geographic Information System (GIS) server developed in Java for spatial data processing, became a prime target after the vulnerability was disclosed…
-
At last, a use case for AI agents with high sky-high ROI: Stealing crypto
Boffins outsmart smart contracts with evil automation First seen on theregister.com Jump to article: www.theregister.com/2025/07/10/ai_agents_automatically_steal_cryptocurrency/
-
Driver’s license numbers, addresses leaked in 2024 bitcoin ATM company breach
Bitcoin Depot, which operates cryptocurrency ATMs across North America, says information belonging to more than 26,000 people was breached in an incident last year. First seen on therecord.media Jump to article: therecord.media/bitcoin-depot-cryptocurrency-atm-company-data-breach
-
Bitcoin Depot breach exposes data of nearly 27,000 crypto users
Bitcoin Depot, an operator of Bitcoin ATMs, is notifying customers of a data breach incident that has exposed their sensitive information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bitcoin-depot-breach-exposes-data-of-nearly-27-000-crypto-users/
-
More than $40 million stolen from GMX crypto platform
Decentralized exchange GMX disabled trading after it “experienced an exploit.” The heist involved more than $40 million in user funds. First seen on therecord.media Jump to article: therecord.media/gmx-exchange-cryptocurrency-stolen
-
Worauf bei der Implementierung hybrider Verschlüsselungsverfahren geachtet werden sollte
Tags: cryptoDie Ära der ersten leistungsstarken Quantencomputer, sie rückt näher und näher und damit auch die Notwendigkeit der Umstellung der Verschlüsselungsverfahren auf Post-Quanten-Kryptografie (PQC). IT-Verantwortliche sehen sich mit der komplexen, langwierigen Herausforderung konfrontiert, ihre gesamte Krypto-Landschaft zu erfassen, zu analysieren, den Dringlichkeitsgrad der Umstellung jedes einzelnen Assets zu bestimmen und auf Basis ihrer Ergebnisse einen […]…
-
Supply Chain Attack Unleashed via Compromised VS Code Extension
Tags: attack, blockchain, crypto, cyber, github, malicious, open-source, software, supply-chain, threat, toolA sophisticated supply chain attack targeting cryptocurrency developers through the compromise of ETHcode, a legitimate Visual Studio Code extension with nearly 6,000 installations. The attack, executed through a malicious GitHub pull request, demonstrates how threat actors can weaponize trusted development tools using minimal code changes, raising serious concerns about open-source software security in the blockchain…
-
SparkKitty Malware Steals Photos from iOS and Android Devices
A sophisticated Trojan malware campaign has been targeting mobile device users across iOS and Android platforms since February 2024, with cybersecurity researchers identifying a significant escalation in photo theft capabilities that poses particular risks to cryptocurrency users and individuals storing sensitive information in their device galleries. SparkKitty represents a concerning evolution in mobile malware distribution,…
-
Fake CNN and BBC sites used to push investment scams
Thousands of web pages falsely branded as popular news sites are conduits for fake cryptocurrency investment scams, researchers said. First seen on therecord.media Jump to article: therecord.media/news-websites-faked-to-spread-investment-scams
-
XMRig Malware Disables Windows Updates and Scheduled Tasks to Maintain Persistence
Monero (XMR), a cryptocurrency, saw a spectacular surge in early 2025, rising 45% from $196 to $285 by May, with a notable peak in April. This surge coincided with a high-profile Bitcoin theft in the US, where the stolen assets were reportedly converted into Monero by a single individual, drawing attention to the privacy-focused coin.…
-
Cybersecurity Operations and AI Carry Hidden Climate Costs
Crypto Defense, Data Centers, Monitoring Systems Strain Global Energy Use As security monitoring, crypto mining protection and data centers fuel cybersecurity’s energy demands, new regulations, such as Australia’s National Greenhouse and Energy Reporting Act 2007, signal a global shift toward holding the industry accountable for its environmental impact. First seen on govinfosecurity.com Jump to article:…
-
The trust crisis in the cloud”¦and why blockchain deserves a seat at the table
Tags: access, blockchain, breach, cloud, compliance, control, credentials, crypto, data, data-breach, framework, gartner, iam, identity, infrastructure, jobs, risk, threat, tool, zero-trustLimited visibility and tamperable logs. Cloud providers manage logs and telemetry internally. As tenants, we often depend on them to provide logs after an incident without a guarantee of tamper-proof integrity. This lack of transparency hampers forensic investigations and incident response.Privilege concentration and insider risk. CSP administrators often hold elevated access privileges, making them single…
-
The trust crisis in the cloud”¦and why blockchain deserves a seat at the table
Tags: access, blockchain, breach, cloud, compliance, control, credentials, crypto, data, data-breach, framework, gartner, iam, identity, infrastructure, jobs, risk, threat, tool, zero-trustLimited visibility and tamperable logs. Cloud providers manage logs and telemetry internally. As tenants, we often depend on them to provide logs after an incident without a guarantee of tamper-proof integrity. This lack of transparency hampers forensic investigations and incident response.Privilege concentration and insider risk. CSP administrators often hold elevated access privileges, making them single…
-
The Q-Day Countdown: What It Is and Why You Should Care
On Q-Day, everything we’ve protected with current crypto from seemingly mundane but confidential data such as email, bank transactions and medical records, to critical infrastructure, and government secrets all built on a foundation of trust could no longer be trusted. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/the-q-day-countdown-what-it-is-and-why-you-should-care/
-
DPRK macOS ‘NimDoor’ Malware Targets Web3, Crypto Platforms
Researchers observed North Korean threat actors targeting cryptocurrency and Web3 platforms on Telegram using malicious Zoom meeting requests. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dprk-macos-nimdoor-malware-web3-crypto-platforms
-
âš¡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More
Everything feels secure”, until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don’t start with alarms”, they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection”, that’s all it takes.Staying safe…
-
Malware Surge Hits Android: Adware, Trojans and Crypto Theft Lead Q2 Threats
Dr.Web reports Android malware surge in Q2 with adware, banking trojans and crypto theft hidden in fake apps, firmware and spyware targeting users. First seen on hackread.com Jump to article: hackread.com/android-malware-adware-trojan-crypto-theft-q2-threats/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape 10 Things I Hate About Attribution: RomCom vs. TransferLoader macOS NimDoor – DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware Warning Against Distribution of Malware Disguised as Research Papers (Kimsuky Group) Dissecting Kimsuky’s…
-
North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates
North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram.…
-
Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS
Threat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners on compromised hosts.”The attacker used a modified version of XMRig with a hard-“coded configuration, allowing them to avoid suspicious command-line arguments that are often flagged by defenders,” Wiz researchers Yaara Shriki and Gili First seen…
-
Firefox store littered with crypto-pilfering extensions
First seen on scworld.com Jump to article: www.scworld.com/brief/firefox-store-littered-with-crypto-pilfering-extensions
-
Novel macOS malware leveraged to compromise crypto, Web3 orgs
First seen on scworld.com Jump to article: www.scworld.com/brief/novel-macos-malware-leveraged-to-compromise-crypto-web3-orgs
-
Cryptohack Roundup: Inside the $100M Nobitex Breach
Also: Dismantling a 460 Million Euro Crypto Fraud Network. This week, a peek into Iran’s largest crypto exchange blending privacy, scale and sanctions evasion, Europol and Spanish police dismantled a crypto fraud network, $9.5M Resupply hack, sentencing in a $40M ponzi scheme and a North Korean crypto theft and employment fraud ring. First seen on…
-
Versuchte Entführung: Krypto-Milliardär beißt Kidnapper einen Finger ab
Tags: cryptoNach monatelanger Planung wollten Kidnapper einen australischen Krypto-Milliardär entführen und erpressen. Doch der Mann wusste sich zu wehren. First seen on golem.de Jump to article: www.golem.de/news/versuchte-entfuehrung-krypto-milliardaer-beisst-kidnapper-einen-finger-ab-2507-197731.html
-
Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users’ digital assets at risk.”These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox First seen on thehackernews.com…