TraderTraitor is a North Korean state-sponsored cyber threat group targeting cryptocurrency and blockchain ecosystems through sophisticated social engineering, supply chain attacks, and cloud compromises. The group has been linked to massive crypto heists, including the $308 million DMM Bitcoin breach and the $1.5 billion Bybit hack. #TraderTraitor #LazarusGroup #DMMBitcoin #Bybit #JumpCloud
A recently patched macOS vulnerability, CVE-2025-31199, can be exploited to bypass security checks and steal sensitive user information, including Apple Intelligence data. Microsoft security researchers have revealed that attackers can leverage Spotlight plugins to access private files and remotely linked device data. #CVE202531199 #Sploitlight #AppleIntelligence #Spotlight #macOSVulnerability
Toptal, a leading freelance developer platform, was compromised when attackers hijacked its GitHub account and distributed malicious code through popular packages. The incident highlights the ongoing risks in npm package supply chains and the importance of thorough security practices. #Toptal #GitHubCompromise…
Microsoft has ceased using Chinese engineers to protect sensitive U.S. defense systems amidst concerns over espionage and sabotage. Multiple organizations, including Louis Vuitton and European hospitals, face increasing cybersecurity threats due to data breaches and vulnerabilities. #Microsoft #LouisVuitton #CyberThreats…
Acronis Threat Research Unit discovered a malware campaign using Leet Stealer, RMC Stealer, and Sniffer Stealer disguised as fake indie games distributed mainly via Discord. These stealers target browser data, credentials, and Discord tokens, enabling attackers to perform extortion, impersonation, and financial theft. #LeetStealer #RMCStealer #SnifferStealer #Discord
A recent supply chain attack exploited compromised NPM package maintainers’ accounts using phishing and typosquatting techniques to deliver malware. The attack affected popular packages like eslint-config-prettier, is, and got-fetch, leading to malware deployment on developers’ systems. #NPM #SupplyChainAttack…
Interlock ransomware, first observed in September 2024, targets businesses and critical infrastructure across North America and Europe using a double extortion model that encrypts victim data and threatens to leak exfiltrated information. The actors use uncommon entry methods such as drive-by downloads and the ClickFix social engineering technique, employing various malware…
Google and Mozilla have released important updates for Chrome and Firefox, fixing multiple high-severity memory safety vulnerabilities that could lead to remote code execution. Users are urged to update their browsers promptly to ensure their security. #Chrome138 #Firefox141 #MemorySafetyVulnerabilities…
The Mimo threat actor has evolved from targeting Craft CMS to exploiting Magento ecommerce platforms via PHP-FPM vulnerabilities, employing advanced persistence and evasion techniques including the use of GSocket and memfd_create() syscall. Their operations now combine cryptomining and proxyjacking for dual monetization while also targeting Docker instances, demonstrating increasing sophistication and diversification. #Mimo #Magento #GSocket #memfd_create #IPRoyal
A new zero-day vulnerability in CrushFTP servers, CVE-2025-54309, is being actively exploited by cybercriminals, particularly against outdated versions. Organizations that fail to apply updates are at risk of unauthorized access and system compromise. #CrushFTP #ZeroDayVulnerability…
This article discusses the widespread use of process injection (MITRE T1055) and command scripting techniques (MITRE T1059) by threat actors to evade detection, execute malicious payloads, and maintain persistence. It highlights real-world malware campaigns and exploits leveraging these tactics, emphasizing their sophistication and stealth capabilities. #MITRE T1055 #MITRE T1059…
NimDoor is a sophisticated macOS malware used by North Korean threat actors, likely Stardust Chollima, targeting cryptocurrency and Web3 organizations through advanced technical methods and social engineering. The malware employs unique persistence mechanisms, process injection, and encrypted communications to steal sensitive credentials and data. #NimDoor #StardustChollima #MacOSMalware #Cryptocurrency
This cybersecurity roundup highlights recent threats including a Chinese-backed hack targeting a US legal firm and government concerns over Chinese engineers maintaining US defense systems. Key discussions include vulnerabilities in Symantec, cyberattacks on UK retailers, and Chinese espionage against Taiwan’s semiconductor sector. #ChinaThreatActor #SymantecVulnerability…
The ANZ region faces persistent cyber threats, including ransomware and data breaches, highlighting the need for advanced threat intelligence platforms. The top 10 platforms in 2025, such as Cyble and Recorded Future, provide organizations with crucial security insights to defend against these evolving risks. #Cyble #RecordedFuture…
A critical remote code execution vulnerability (CVE-2025-4660) affects Forescout SecureConnector on Windows, allowing attackers to redirect the agent to malicious servers and control endpoints remotely. The flaw arises from insecure default permissions on a named pipe, permitting unauthorized access. #CVE20254660 #ForescoutSecureConnector #CounterACT