Tag: crypto
-
Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP
Extension code uses hardcoded credentials: Guo added that hardcoded credentials, such as API keys, secrets, and tokens, are exposed within popular extensions’ JavaScript, making them accessible to anyone who inspects the extension’s source code. For instance, Avast Online Security and Privacy and AVG Online Security extensions, aimed at browsing privacy and security, both contain hardcoded Google…
-
Over 20 Malicious Crypto Wallet Apps Found on Google Play, CRIL Warns
Cyble Research and Intelligence Labs (CRIL) has recently uncovered a malicious crypto phishing campaign where more than 20 malicious applications on the Google Play Store were designed to target crypto wallet users with phishing schemes. These deceptive apps impersonate well-known wallet platforms and lure users into revealing their sensitive mnemonic phrases, effectively handing over control…
-
Kimsuky Strikes Again Coordinated Attacks Target Facebook, Email, and Telegram
A recent investigation by Genians Security Center (GSC) has uncovered a highly sophisticated, multi-channel cyber espionage campaign attributed to the North Korea-aligned advanced persistent threat (APT) group known as Kimsuky. Between March and April 2025, the group leveraged Facebook, email, and Telegram to infiltrate targets primarily within the defense sector, North Korea-related activists, and cryptocurrency…
-
Over 20 Malicious Apps on Google Play Target Users for Seed Phrases
Over 20 malicious apps on Google Play are stealing crypto seed phrases by posing as trusted wallets and exchanges, putting users’ funds at risk. First seen on hackread.com Jump to article: hackread.com/malicious-apps-google-play-users-for-seed-phrases/
-
Over $7.7M in crypto sequestered from North Korean IT worker scam
First seen on scworld.com Jump to article: www.scworld.com/brief/over-7-7m-in-crypto-sequestered-from-north-korean-it-worker-scam
-
Cybersecurity Snapshot: Experts Issue Best Practices for Migrating to Post-Quantum Cryptography and for Improving Orgs’ Cyber Culture
Tags: access, attack, best-practice, business, cio, ciso, communications, computer, computing, conference, corporate, crypto, cryptography, cyber, cybersecurity, data, defense, email, encryption, finance, government, group, ibm, identity, incident, incident response, infrastructure, jobs, lessons-learned, metric, microsoft, mitre, monitoring, nist, risk, service, strategy, technology, threat, tool, training, update, vulnerability, vulnerability-management, warfareCheck out a new roadmap for adopting quantum-resistant cryptography. Plus, find out how your company can create a better cybersecurity environment. In addition, MITRE warns about protecting critical infrastructure from cyber war. And get the latest on exposure response strategies and on CISO compensation and job satisfaction. Dive into five things that are top of…
-
Neuer Infostealer tarnt sich mit gefälschtem CAPTCHA
Security-Analysten warnen vor einer neuartigen Malware-Kampagne: EDDIESTEALER nutzt überzeugend inszenierte CAPTCHA-Köder, um Nutzer zur Ausführung gefährlicher PowerShell-Befehle zu verleiten. Ziel ist es, Zugangsdaten, Krypto-Wallets und Browserdaten abzugreifen. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/cybersecurity/neuer-infostealer-tarnt-sich-mit-gefaelschtem-captcha/
-
145 criminal domains linked to BidenCash Marketplace seized
Approximately 145 darknet and conventional internet domains, along with cryptocurrency funds linked to the BidenCash marketplace, have been seized by the U.S. Attorney’s … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/06/bidencash-marketplace-domains-seized/
-
DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme
Authorities said they froze and seized the allegedly illegally obtained funds when North Korean nationals attempted to launder money linked to the long-running conspiracy. First seen on cyberscoop.com Jump to article: cyberscoop.com/doj-seizure-crypto-north-korea-it-workers/
-
PKI, IAM and the crypto-agility trust imperative
First seen on scworld.com Jump to article: www.scworld.com/resource/pki-iam-and-the-crypto-agility-trust-imperative
-
Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect
Crypto-tracing firm Chainalysis says the mysterious 300-bitcoin donation to the pardoned Silk Road creator appears to have come from someone associated with a different defunct black market: AlphaBay. First seen on wired.com Jump to article: www.wired.com/story/ross-ulbricht-31-million-donation-alphabay/
-
Cryptohack Roundup: US SEC Drops Civil Case Against Binance
Also: Criminal Charges in France Against Suspected Crypto Millionaire Kidnappers. This week, U.S. SEC dropped its civil case against Binance, Zhao; France charged 25 in crypto kidnap plot; Hackers stole $3 million in Force Bridge exploit. A Singapore court rejected Wazirx restructuring plan, and BitMEX thwarted a Lazarus Group hacking attempt. First seen on govinfosecurity.com…
-
ViperSoftX Malware Enhances Modularity, Stealth, and Persistence Techniques
The cybersecurity landscape witnessed the emergence of new PowerShell-based malware samples circulating in underground forums and threat-hunting communities, marking a significant evolution of the notorious ViperSoftX stealer. This updated variant, building on its 2024 predecessor, showcases remarkable advancements in modularity, stealth, and persistence mechanisms, posing a heightened threat to cryptocurrency users and enterprises. Detailed analysis…
-
What Links Hospital Outages, Crypto Botnets, and Sneaky Zip Files? A Ransomware Chaos
Listen to this article A massive nonprofit hospital network in Ohio, 14 medical centers strong, brought to its knees by cybercriminals”, likely the gang behind the Interlock ransomware. Elective surgeries were canceled. Outpatient appointments paused. And to make it worse? Scammers posing as hospital staff started calling patients asking for their credit card numbers. “Your…
-
Ukrainian police arrest hacker who used hosting firm’s servers to mine cryptocurrency
The suspect, a native of the central Ukrainian city of Poltava, had been conducting cyberattacks since at least 2018, police said. First seen on therecord.media Jump to article: therecord.media/ukrainian-police-arrest-hacker-cryptomining
-
FIPS 140-3 and You, Part Three
Tags: attack, authentication, ccc, compliance, conference, crypto, cryptography, cybersecurity, data, encryption, firmware, Hardware, international, network, nist, side-channel, software, technology, updateFIPS 140-3 and You, Part Three divya Thu, 06/05/2025 – 07:00 Last spring, in the second installment of this blog series, we were excited to announce that our Luna HSM product line was the first HSM in the industry to achieve FIPS 140-3 level 3 validation certificate. This spring, in this third installment, we happily…
-
DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of cryptocurrency funds and about 145 clearnet and dark web domains associated with an illicit carding marketplace called BidenCash.”The operators of the BidenCash marketplace use the platform to simplify the process of buying and selling stolen credit cards and associated personal information,” the DoJ…
-
Law enforcement seized the carding marketplace BidenCash
U.S. and Dutch authorities took down 145 domains tied to the BidenCash cybercrime marketplace in a coordinated law enforcement operation. The US DoJ announced the seizure of approximately 145 darknet and clear web domains, and cryptocurrency funds associated with the BidenCash marketplace. >>The U.S. Attorney’s Office for the Eastern District of Virginia announced today the…
-
What the Arc Browser Story Reveals About the Future of Browser Security
By Dakshitaa Babu, Security Researcher, SquareX In a candid letter that Joshua Miller, CEO of Arc Browser, wrote to the community, he revealed a truth the tech industry has been dancing around: “the dominant operating system on desktop wasn’t Windows or macOS anymore”Š”, “Šit was the browser.” The evidence is everywhere”Š”, “Šcloud revenue surging year…
-
Feds Seize BidenCash Carding Market and Its Crypto Profits
After three years of peddling stolen data, BidenCash, one of the web’s most brazen cybercrime hubs is offline, and authorities say they’re just getting started. First seen on hackread.com Jump to article: hackread.com/feds-seize-bidencash-carding-market-crypto-profits/
-
Hacker arrested for breaching 5,000 hosting accounts to mine crypto
The Ukrainian police arrested a 35-year-old hacker who breached 5,000 accounts at an international hosting company and used them to mine cryptocurrency, resulting in $4.5 million in damages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacker-arrested-for-breaching-5-000-hosting-accounts-to-mine-crypto/
-
FBI warns of NFT airdrop scams targeting Hedera Hashgraph wallets
The FBI is warning about a new scam where cybercriminals exploit NFT airdrops on the Hedera Hashgraph network to steal crypto from cryptocurrency wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-warns-of-nft-airdrop-scams-targeting-hedera-hashgraph-wallets/
-
Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks
Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems.The findings come from multiple reports published by Checkmarx, First seen on thehackernews.com…
-
Cybersecurity’s ‘rare earth’ skills: Scarce, high-value, and critical for future defense
Tags: ai, attack, business, ciso, computing, crypto, cryptography, cyber, cybersecurity, data, defense, detection, intelligence, jobs, programming, risk, skills, strategy, supply-chain, technology, threat, trainingAdvanced threat hunting expertise Like the rarest elements, professionals who can proactively identify novel threats and adversary techniques before they cause damage are scarce and extremely valuable. Why are these skills rare? Many factors have led to this scenario:Complex skill requirements: Effective threat hunters need a unique combination of skills, including deep cyber knowledge, programming…
-
Threat Actor Bribes Overseas Support Agents to Steal Coinbase Customer Data
On May 15, 2025, Coinbase, the largest U.S. cryptocurrency exchange, publicly disclosed a major security breach that exposed the sensitive personal data of 69,461 users”, less than 1% of its monthly transacting base, but a significant figure given the depth of information compromised. This incident was not a typical crypto hack exploiting blockchain vulnerabilities; instead,…
-
Coinbase breach tied to bribed TaskUs support agents in India
A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/coinbase-breach-tied-to-bribed-taskus-support-agents-in-india/
-
What Tackling the SaaS Security Problem Means to Me
By Kevin Hanes, CEO of Reveal Security When I reflect on the years I spent leading one of the world’s largest Security Operations Centers (SOCs) and incident response teams, the lessons learned aren’t just war stories”¦they’re a playbook for how we should rethink our responsibilities in the face of today’s fast-evolving attack surfaces. Back then,…
-
Mozilla launches new system to detect Firefox crypto drainer add-ons
Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mozilla-launches-new-system-to-detect-firefox-crypto-drainer-add-ons/
-
Illicit crypto-miners pouncing on lazy DevOps configs that leave clouds vulnerable
To stop the JINX-0132 gang behind these attacks, pay attention to HashiCorp, Docker, and Gitea security settings First seen on theregister.com Jump to article: www.theregister.com/2025/06/03/illicit_miners_hashicorp_tools/
-
Malicious NPM Packages Exploit Ethereum Wallets with Obfuscated JavaScript
A recent wave of malicious NPM packages has emerged as a significant threat to cryptocurrency users, specifically targeting Ethereum wallet holders. Cybersecurity researchers have uncovered a sophisticated campaign where attackers leverage the widely-used Node Package Manager (NPM) ecosystem to distribute harmful code disguised as legitimate libraries. This attack vector exploits the trust developers place in…