npm packages used by crypto exchanges compromised
Multiple npm packages published by the crypto exchange, dYdX, and used by at least 44 cryptocurrency projects, appear to have…
This image shows its own MD5 checksum — and it’s kind of a big deal
Generating checksums—cryptographic hashes such as MD5 or SHA-256 functions for files is hardly anything new and one of the most…
Hackers stealing GitHub accounts using fake CircleCI notifications
GitHub is warning of an ongoing phishing campaign that started on September 16 and is targeting its users with emails…
Unpatched 15-year old Python bug allows code execution in 350k projects
A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight…
Hackers steal $162 million from Wintermute crypto market maker
Digital assets trading firm Wintermute has been hacked and lost $162.2 million in DeFi operations, the company CEO, Evgeny Gaevoy, announced earlier…
TeamTNT hijacking servers to run Bitcoin encryption solvers
Threat analysts at AquaSec have spotted signs of TeamTNT activity on their honeypots since early September, leading them to believe…
New malware bundle self-spreads through YouTube gaming videos
A new malware bundle uses victims' YouTube channels to upload malicious video tutorials advertising fake cheats and cracks for popular…
Webworm hackers modify old malware in new attacks to evade attribution
Chinese cyberespionage hackers of the 'Webworm' group are undergoing experimentation, using modified decade-old RATs (remote access trojans) in the wild.…
Hackers breach software vendor for Magento supply-chain attacks
Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads. [...]
Lorenz Ransomware Goes After SMBs via Mitel VoIP Phone Systems
The ransomware gang has been seen exploiting a Mitel RCE flaw discovered in VoIP devices in April (and patched in…