12 Jul, 2026

KelpDAO suffers $290 million heist tied to Lazarus hackers

State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday. The attack reportedly also impacted the lending protocols Compound, Euler, and Aave, with the latter announcing a freeze and blocking new deposits or borrowing using rsETH as collateral. KelpDAO is a decentralized finance (DeFi) project built around liquid […]

2 mins read

China’s Apple App Store infiltrated by crypto-stealing wallet apps

A set of 26 malicious apps on Apple App Store impersonate popular wallets, such as Metamask, Coinbase, Trust Wallet, and OneKey, to steal recovery or seed phrases and drain them of cryptocurrency assets. The threat actor used multiple methods to imitate official products, including typosquatting and fake branding, to lure users in China into downloading […]

2 mins read

The Gentlemen ransomware now uses SystemBC for bot-powered attacks

A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate. The Gentlemen ransomware-as-a-service (RaaS) operation emerged around mid-2025 and provides a Go-based locker that can encrypt Windows, Linux, NAS, and BSD systems, and a […]

4 mins read

Seiko USA website defaced as hacker claims customer data theft

The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid. Visitors to the “Press Lounge” section of the site were shown a page titled “HACKED,” which replaced normal content with what appeared to be a […]

1 min read

Microsoft: Teams increasingly abused in helpdesk impersonation attacks

Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate tools for access and lateral movement on enterprise networks. The hackers impersonate IT or helpdesk staff to contact employees through cross-tenant chats and trick them into providing remote access for data theft purposes. Microsoft has observed multiple intrusions with […]

3 mins read

British Scattered Spider hacker pleads guilty to crypto theft charges

A British man, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in the United States to charges of wire fraud and aggravated identity theft. In November 2024, U.S. prosecutors accused 24-year-old Tyler Robert Buchanan and four other suspects of stealing at least $8 million in cryptocurrency after hacking at least a dozen companies […]

3 mins read

Vercel confirms breach as hackers claim to be selling stolen data

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. Vercel is a cloud platform that provides hosting and deployment infrastructure for developers, with a strong focus on JavaScript frameworks. The company is known for developing Next.js, a widely used React […]

4 mins read

NIST to stop rating non-priority flaws due to volume increase

The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. Starting April 15, the service will only analyze and provide additional details (e.g., severity rating, product lists) for security issues that meet specific criteria related to the risk they pose. The […]

2 mins read

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google’s Protocol Buffers. The tool is highly popular in the Node Package Manager (npm) registry, with an average of nearly 50 million weekly downloads. It is used for inter-service communication, in real-time applications, and for […]

2 mins read