#rhadamanthys-infostealer

[ follow ]
#cybersecurity #malware #data-breach #supply-chain-attack #north-korea #social-engineering #axios #vulnerabilities
#north-korea
Cryptocurrency
fromSecurityWeek
2 days ago

North Korean Hackers Drain $285 Million From Drift in 10 Seconds

A North Korean threat actor executed a $285 million heist from the Drift DeFi platform using sophisticated techniques and pre-signed transactions.
Information security
fromFortune
3 days ago

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.
Cryptocurrency
fromSecurityWeek
2 days ago

North Korean Hackers Drain $285 Million From Drift in 10 Seconds

A North Korean threat actor executed a $285 million heist from the Drift DeFi platform using sophisticated techniques and pre-signed transactions.
Information security
fromFortune
3 days ago

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.
more#north-korea
#cybersecurity
fromSilicon Canals
16 hours ago
Information security

The man who discovered the ILOVEYOU virus is now fighting Russian drones using the same playbook - Silicon Canals

fromFortune
3 days ago
NYC startup

Latest crypto hack sees thieves make off with $280 million from Solana DeFi platform Drift | Fortune

EU data protection
fromTechCrunch
2 days ago

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.
Roam Research
fromThe Hacker News
1 week ago

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

A new evolution of the GlassWorm campaign enables comprehensive data theft and installs a remote access trojan disguised as a Google Docs extension.
Information security
fromSilicon Canals
16 hours ago

The man who discovered the ILOVEYOU virus is now fighting Russian drones using the same playbook - Silicon Canals

Mikko Hyppönen has transitioned from cybersecurity to anti-drone defense, focusing on systems for law enforcement and military clients.
Node JS
fromThe Hacker News
14 hours ago

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

36 malicious npm packages disguised as Strapi CMS plugins facilitate exploitation and credential harvesting.
EU data protection
fromSecurityWeek
1 day ago

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.
NYC startup
fromFortune
3 days ago

Latest crypto hack sees thieves make off with $280 million from Solana DeFi platform Drift | Fortune

Drift suffered a $280 million hack attributed to North Korea, utilizing a novel attack method involving durable nonces.
EU data protection
fromTechCrunch
2 days ago

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.
Roam Research
fromThe Hacker News
1 week ago

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

A new evolution of the GlassWorm campaign enables comprehensive data theft and installs a remote access trojan disguised as a Google Docs extension.
more#cybersecurity
US politics
fromArs Technica
9 hours ago

CBP facility codes sure seem to have leaked via online flashcards

Immigration offenses and internal systems of CBP are detailed in flashcards, highlighting procedures and responsibilities of agents.
#openclaw
DevOps
fromInfoWorld
2 days ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.
Information security
fromArs Technica
2 days ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.
DevOps
fromInfoWorld
2 days ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.
Information security
fromArs Technica
2 days ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.
more#openclaw
Apple
fromMail Online
2 days ago

Apple issues warning to iPhone users over stealthy attack: Act NOW

Apple has released critical iOS updates to protect against the DarkSword cyberattack method targeting vulnerable devices.
#data-breach
Privacy professionals
fromSilicon Canals
2 days ago

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.
Information security
fromSecuritymagazine
2 days ago

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.
Privacy professionals
fromSilicon Canals
2 days ago

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.
Information security
fromSecuritymagazine
2 days ago

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.
more#data-breach
Roam Research
fromArs Technica
3 days ago

New Rowhammer attacks give complete control of machines running Nvidia GPUs

Rowhammer attacks on Nvidia GPUs can compromise CPU memory, allowing full control of host machines.
fromTNW | Data-Security
4 days ago

Hasbro hacked: Peppa Pig & Transformers owner warns of weeks of disruption

Hasbro disclosed unauthorized access to its systems, an intrusion first detected on 28 March that has since forced the company to take parts of its infrastructure offline and warn that product deliveries could be delayed for weeks.
London startup
#cybercrime
fromTheregister
7 hours ago
Information security

Don't glamorize cybercrims, roast them instead

Cybercrime groups should not be glamorized; they are ordinary individuals using computers for theft, not mythical entities.
more#cybercrime
Cryptocurrency
fromnews.bitcoin.com
1 day ago

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.
#whatsapp
Privacy professionals
fromSilicon Canals
3 days ago

Italian surveillance firm SIO built fake WhatsApp app with government spyware, Meta says - Silicon Canals

WhatsApp notified 200 users in Italy about a fake app containing spyware linked to surveillance firm SIO.
Privacy professionals
fromTechCrunch
4 days ago

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.
Privacy professionals
fromTNW | Apple
3 days ago

WhatsApp notifies 200 users who installed fake app built by Italian spyware maker SIO

WhatsApp alerted 200 users in Italy about a counterfeit app that was actually government spyware developed by SIO.
Information security
fromTheregister
4 days ago

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.
Privacy professionals
fromSilicon Canals
3 days ago

Italian surveillance firm SIO built fake WhatsApp app with government spyware, Meta says - Silicon Canals

WhatsApp notified 200 users in Italy about a fake app containing spyware linked to surveillance firm SIO.
Privacy professionals
fromTechCrunch
4 days ago

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.
Privacy professionals
fromTNW | Apple
3 days ago

WhatsApp notifies 200 users who installed fake app built by Italian spyware maker SIO

WhatsApp alerted 200 users in Italy about a counterfeit app that was actually government spyware developed by SIO.
Information security
fromTheregister
4 days ago

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.
more#whatsapp
US politics
fromTechCrunch
3 days ago

ICE says it bought Paragon's spyware to use in drug trafficking cases | TechCrunch

ICE has utilized spyware from Paragon Solutions to combat drug trafficking and foreign terrorist organizations' use of encrypted communications.
#axios
Information security
fromBleepingComputer
22 hours ago

Axios npm hack used fake Teams error fix to hijack maintainer account

A social engineering attack linked to North Korean hackers compromised Axios maintainers, leading to a supply chain attack with malicious npm package versions.
fromSiliconANGLE
5 days ago
Information security

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Node JS
fromSecurityWeek
4 days ago

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.
Node JS
fromThe Hacker News
5 days ago

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.
Information security
fromBleepingComputer
22 hours ago

Axios npm hack used fake Teams error fix to hijack maintainer account

A social engineering attack linked to North Korean hackers compromised Axios maintainers, leading to a supply chain attack with malicious npm package versions.
Information security
fromSiliconANGLE
5 days ago

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.
more#axios
#malware
Information security
fromThe Hacker News
3 days ago

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.
Information security
fromThe Hacker News
2 days ago

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new version of SparkCat malware targets cryptocurrency users on mobile platforms, concealing itself in benign apps and evolving its technical capabilities.
Information security
fromThe Hacker News
3 days ago

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.
Information security
fromTheregister
3 days ago

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.
Information security
fromSecurityWeek
4 days ago

New DeepLoad Malware Dropped in ClickFix Attacks

DeepLoad malware steals credentials and intercepts browser interactions, utilizing ClickFix for distribution and evading detection through sophisticated techniques.
more#malware
DevOps
fromTheregister
1 week ago

Documentation can contain malicious instructions for agents

Context Hub may enhance API usage but poses risks of software supply chain attacks through unverified documentation.
#cyberattack
EU data protection
fromSecurityWeek
6 days ago

European Commission Reports Cyber Intrusion and Data Theft

The European Commission confirmed a cyberattack that compromised its cloud infrastructure, resulting in the theft of hundreds of gigabytes of data.
Privacy professionals
fromTechCrunch
4 days ago

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Hasbro confirmed a cyberattack, prompting system shutdowns and ongoing investigations, with potential operational disruptions lasting several weeks.
EU data protection
fromSecurityWeek
6 days ago

European Commission Reports Cyber Intrusion and Data Theft

The European Commission confirmed a cyberattack that compromised its cloud infrastructure, resulting in the theft of hundreds of gigabytes of data.
Privacy professionals
fromTechCrunch
4 days ago

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Hasbro confirmed a cyberattack, prompting system shutdowns and ongoing investigations, with potential operational disruptions lasting several weeks.
more#cyberattack
#solana
Cryptocurrency
fromnews.bitcoin.com
2 days ago

Drift Protocol Hack 2026: What Happened, Who Lost Money, and What's Next

A Solana-based perpetual futures exchange lost $286 million in 12 minutes due to a sophisticated attack involving fake collateral and social engineering.
Information security
fromThe Hacker News
2 days ago

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.
Cryptocurrency
fromnews.bitcoin.com
2 days ago

Drift Protocol Hack 2026: What Happened, Who Lost Money, and What's Next

A Solana-based perpetual futures exchange lost $286 million in 12 minutes due to a sophisticated attack involving fake collateral and social engineering.
Information security
fromThe Hacker News
2 days ago

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.
more#solana
Node JS
fromBleepingComputer
5 days ago

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.
Information security
fromSecurityWeek
2 days ago

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.
Cryptocurrency
fromnews.bitcoin.com
5 days ago

Kraken User Loses $18.2M in Crypto Social Engineering Attack as Funds Move via Thorchain: ZachXBT

A coordinated theft involved phishing tactics, rapid asset transfers, and laundering of approximately $1.8 million in ether through decentralized protocols.
Information security
fromSecurityWeek
2 days ago

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.
Privacy professionals
fromComputerworld
3 weeks ago

Cyber criminals too are working from home... your home

The FBI warns that cybercriminals use residential proxies to mask illegal activities by hijacking IoT devices, smartphones, and routers, threatening both consumers and enterprises, particularly older devices.
Information security
fromSecurityWeek
5 days ago

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.
Information security
fromSecurityWeek
2 days ago

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.
Information security
fromWIRED
1 day ago

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.
Information security
fromInfoWorld
2 days ago

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.
Information security
fromTechzine Global
2 days ago

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.
#supply-chain-attack
Information security
fromInfoQ
5 days ago

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.
Information security
fromInfoQ
5 days ago

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.
more#supply-chain-attack
Information security
fromTechRepublic
3 days ago

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.
#phishing
Information security
fromThe Hacker News
4 days ago

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.
Information security
fromThe Hacker News
4 days ago

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.
Information security
fromTechzine Global
6 days ago

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.
Information security
fromThe Hacker News
1 week ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.
Information security
fromThe Hacker News
4 days ago

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.
Information security
fromThe Hacker News
4 days ago

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.
Information security
fromTechzine Global
6 days ago

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.
Information security
fromThe Hacker News
1 week ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.
more#phishing
Information security
fromThe Hacker News
2 days ago

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.
Information security
fromSecurityWeek
5 days ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.
Information security
fromSecurityWeek
5 days ago

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.
Information security
fromTechCrunch
1 week ago

FBI says Iranian hackers are using Telegram to steal data in malware attacks | TechCrunch

Iranian government hackers exploit Telegram to steal data from dissidents and journalists through malware disguised as legitimate apps.
Information security
fromTechzine Global
2 weeks ago

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.
Information security
fromThe Hacker News
2 weeks ago

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Perseus, a new Android malware evolved from Cerberus and Phoenix, actively targets users through dropper apps for device takeover and financial fraud, with primary focus on Turkey and Italy.
fromSecuritymagazine
2 weeks ago

Targeted Phishing Attack Breaches Biotech Company Data

This phishing attack enabled the threat actor to access 'certain internal IT business applications.' The malicious actor gained unauthorized entry by compromising an employee's access to the organization's internal network for business administration.
Information security
Information security
fromSecurityWeek
2 weeks ago

Threat Actor Targeting VPN Users in New Credential Theft Campaign

Storm-2561 uses SEO poisoning and GitHub hosting to distribute trojans impersonating VPN software, stealing credentials through signed malware that evades detection.
Information security
fromThe Hacker News
3 weeks ago

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Storm-2561 uses SEO poisoning to distribute fake VPN clients that steal credentials by redirecting users to malicious websites hosting digitally signed trojans.
Information security
fromTechzine Global
4 weeks ago

Fake installation pages Claude Code spreads infostealer

Attackers use pixel-perfect clones of developer tool installation pages distributed via Google Ads to trick users into running malware commands that install Amatera Stealer.
Information security
fromTheregister
1 month ago

Double whammy: Steaelite RAT bundles data theft, ransomware

Steaelite, a new remote access trojan sold on cybercrime networks, enables double extortion attacks on Windows machines through ransomware, data theft, credential stealing, and live surveillance controlled via a centralized browser-based dashboard.
fromThe Hacker News
1 month ago

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [artificial intelligence] agents," Hudson Rock said. Alon Gal, CTO of Hudson Rock, told The Hacker News that the stealer was likely a variant of Vidar based on the infection details.
Information security
fromThe Hacker News
1 month ago

From Ransomware to Residency: Inside the Rise of the Digital Parasite

To be clear, ransomware isn't going anywhere, and adversaries continue to innovate. But the data shows a clear strategic pivot away from loud, destructive attacks toward techniques designed to evade detection, persist inside environments, and quietly exploit identity and trusted infrastructure. Rather than breaking in and burning systems down, today's attackers increasingly behave like Digital Parasites. They live inside the host, feed on credentials and services, and remain undetected for as long as possible.
Information security
[ Load more ]