Cybercrime
-
Vietnamese hackers use fake copyright notices to steal cryptocurrency, researchers say
A Vietnamese hacking group known as Lone None has launched a multi-language scam to steal personal and financial data, with a focus on cryptocurrency, using fake copyright takedown notices and malware delivered through DLL side-loading, according to Cofense Intelligence.
-
China-linked BRICKSTORM attackers conduct long-running espionage campaign against U.S. tech firms, Mandiant says
Mandiant identifies BRICKSTORM, a China-linked threat group conducting a long-running espionage campaign against U.S. tech firms, using Go-based malware to target Linux and BSD systems, with a focus on SaaS providers and other high-value targets, and urges vendors to adopt zero-trust architectures.
-
Malicious Rust crates impersonating fast_log steal Solana and Ethereum wallet keys, researchers say
Cybersecurity researchers say two malicious Rust crates impersonating the fast_log logging library were used to harvest Solana and Ethereum wallet keys from source code, with Crates.io removing the packages and preserving logs for analysis after responsible disclosure.
-
GitHub outlines changes to harden npm after self-replicating worm incident
GitHub said a self-replicating “Shai-Hulud” worm compromised maintainer accounts and injected malicious post-install scripts into npm packages, and outlined changes including required 2FA, short-lived granular tokens and trusted publishing to harden npm’s supply chain.
-
FBI Warns of Fake IC3 Websites Designed to Steal Personal Data
The FBI warning highlights that criminals are creating spoofed IC3 websites to harvest personal data, noting more than 100 impersonation reports since late 2023 and urging direct access to IC3.gov and vigilance against look-alike domains and scam communications.
-
Boyd Gaming Discloses Data Breach After Cyberattack; Employee Data Among Those Compromised
Boyd Gaming disclosed a cyberattack in a Form 8-K, stating attackers gained access to its systems and stole employee data and data belonging to a limited number of other individuals. The company says operations and financial condition are not affected, has engaged external cybersecurity experts and notified law enforcement, and no group has claimed responsibility.
-
US Secret Service Dismantles Network of 300 SIM Servers Near UN General Assembly
The U.S. Secret Service said it dismantled a network of more than 300 SIM servers and 100,000 SIM cards across the New York area, potentially capable of disrupting telecommunications and enabling encrypted communications for threat actors, with investigations pointing to links with nation-state actors and reports of assassination threats near the UN General Assembly.
-
Iranian-linked hackers expand European operations with fake job portals and new malware, researchers say
Security researchers say Iranian government-backed attackers are targeting Western Europe with fake job portals and new Minibike malware, including MiniJunk and MiniBrowse, delivered through a multi-stage DLL sideloading chain. The operation focuses on Denmark, Portugal, and Sweden and appears linked to broader Iran-aligned threat activity.
-
SEO-poisoning BadIIS malware tied to Operation Rewrite targets East and Southeast Asia, researchers say
Security researchers say a Chinese-speaking actor is using the BadIIS malware in an Operation Rewrite SEO-poisoning campaign to hijack search results via a compromised IIS proxy, targeting East and Southeast Asia with Vietnam as a focus.
-
Mac ad campaign impersonating brands pushes macOS credential stealer, LastPass warns
Security researchers warn of a malvertising campaign that uses search ads to impersonate LastPass and other services, delivering the Atomic Stealer/Amos Stealer on macOS via fraudulent GitHub pages; LastPass says takedowns are underway and IoCs are shared.










