A naukri.com initiative
Hacking News
TheNewsCrypto
1M
246
Image Credit: TheNewsCrypto
Mirana Ventures Stands as the Largest ETH Depositor for Bybit
- Mirana Ventures deposited around $600 million worth of ETH into Bybit.
- Mirana Ventures acquired this ETH by selling $500 BTC and $100 USDT.
- Bybit lost $1.5 billion worth of Ethereum due to a theft by North Korean hackers.
- Mirana Ventures is the largest ETH depositor, covering $600 million of the ETH deficit.
Read Full Article
14 Likes
Securityaffairs
1M
251
Image Credit: Securityaffairs
GitVenom campaign targets gamers and crypto investors by posing as fake GitHub projects
- GitVenom is a malware campaign targeting GitHub users, posing as open-source projects.
- Threat actors created fake GitHub repositories with malicious code, disguised as automation tools and crypto bots.
- Malicious payloads were stored in the fake projects to download further components and execute them.
- The campaign targeted gamers and crypto investors with a variety of malicious activities including stealing credentials and cryptocurrency hijacking.
Read Full Article
15 Likes
Stackexchange
1M
319
Image Credit: Stackexchange
***Hire Expert Certified Intelligence Cyber Wizard Assets Recovery Company for any job?
- A person shares their experience of being scammed into buying cryptocurrency by someone online.
- The scammer had access to a group of analysts and claimed to provide reliable predictions for the rise and fall of BTC.
- After the person invested more money, the scammer disappeared and all connections were banned.
- The person was able to recover their stolen BTC assets with the help of a company called Intelligence Cyber Wizard.
Read Full Article
19 Likes
Securityaffairs
1M
215
Image Credit: Securityaffairs
LockBit taunts FBI Director Kash Patel with alleged “Classified” leak threat
- LockBit, a ransomware gang, claims to possess 'classified information' that could 'destroy' the FBI if leaked.
- The group published a message on their dark web leak site, addressing FBI Director Kash Patel, and offered to share the alleged confidential information.
- LockBit accuses the FBI agents of being manipulators and suggests that the agency is a real threat to US national security.
- The group invited Patel to contact them to receive a password-protected archive containing the classified information.
Read Full Article
12 Likes
Coinpedia
1M
444
Image Credit: Coinpedia
Bybit Launches ‘War’ Against North Korean Hacking Group Lazarus Following $1.46 Billion Theft
- Bybit launches 'war' against North Korean hacking group Lazarus following $1.46 billion theft
- Bybit CEO declares war against Lazarus Group responsible for the recent $1.46 billion cryptocurrency theft
- Bybit develops a bounty website, lazarusbounty.com, to track down stolen funds and offers a 5% reward upfront
- Bybit aims to eliminate bad actors and plans to open the bounty program to other victims of Lazarus Group
Read Full Article
26 Likes
Cryptopotato
1M
152
Image Credit: Cryptopotato
Bybit Hack: Thief Washes 18% of $1.4B Haul in 60 Hours
- The attacker behind the Bybit exploit has laundered 18% of the stolen funds in just 60 hours.
- They are using THORChain for cross-chain swaps to convert ETH into other crypto assets.
- So far, the hacker has laundered 89,500 ETH, valued at about $224 million.
- Bybit is working on recovering the stolen funds and has engaged blockchain forensic firm zeroShadow to trace and freeze the assets.
Read Full Article
9 Likes
Schneier
1M
112
North Korean Hackers Steal $1.5B in Cryptocurrency
- North Korean hackers steal $1.5B in cryptocurrency from the Dubai-based exchange Bybit.
- Over 400,000 ethereum and staked ethereum coins were transferred from Bybit's cold wallet to hot wallets controlled by the attackers.
- The attackers manipulated the smart contract logic and signing interface, bypassing multisig cold wallet security.
- The hack exposes the vulnerability of the human element in crypto security, requiring the industry to focus on end-to-end prevention.
Read Full Article
6 Likes
Securityaffairs
1M
444
Image Credit: Securityaffairs
EU sanctioned the leader of North Korea-linked APT groups
- The European Union sanctioned the leader of North Korea-linked APT groups for aiding Russia in its war against Ukraine.
- The EU announced sanctions against Lee Chang Ho, who coordinated North Korean soldiers in Ukraine and led North Korea-linked APT groups like Lazarus and Kimsuky.
- Lee Chang Ho is the Director of the Reconnaissance General Bureau in North Korea, responsible for intelligence operations, cyber warfare, and espionage.
- The sanctions are part of ongoing efforts to condemn entities supporting actions undermining the independence of Ukraine and to address cybercrime, espionage, and cooperation between North Korea and Russia.
Read Full Article
26 Likes
Coinjournal
1M
94
Image Credit: Coinjournal
Chainflip plans upgrade to block Bybit hackers
- Chainflip announced the 1.7.10 upgrade to block Bybit hackers and other illicit flows on its decentralized exchange protocol.
- The decision to deploy the upgrade is to protect the interests of ordinary users and prevent exposing liquidity providers to too much risk.
- The upgrade expands a broker-level screening feature to reject high-risk Bitcoin deposits to Ethereum and ERC20 tokens.
- Chainflip developers have written most of the code, and testing and deployment are expected to go live within 24 to 72 hours.
Read Full Article
5 Likes
Securityaffairs
1M
390
Image Credit: Securityaffairs
U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog
- U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) vulnerabilities to its Known Exploited Vulnerabilities catalog.
- The two vulnerabilities are CVE-2017-3066 Adobe ColdFusion Deserialization Vulnerability and CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability.
- CVE-2017-3066 is a Java deserialization vulnerability in Adobe ColdFusion, allowing arbitrary code execution.
- CVE-2024-20953 is a Deserialization Vulnerability in Oracle Agile PLM, enabling a low-privileged attacker to take over the system.
Read Full Article
23 Likes
Cybersafe
1M
49
Image Credit: Cybersafe
North Korean Lazarus Group linked to $1.5 B Bybit Crypto Heist
- A massive $1.5 billion cryptocurrency theft from exchange Bybit has been linked to North Korea’s Lazarus hacking group.
- During the attack, hackers manipulated smart contract logic to gain control of Bybit's cold wallet, resulting in the theft of over 400,000 ETH and stETH tokens.
- The stolen funds were traced to addresses associated with previous hacks linked to Lazarus, and the hackers used various tactics to launder the stolen assets.
- This heist is part of the increasing cybercrime activities by North Korea, with previous records set in 2022 and 2024.
Read Full Article
2 Likes
Securityaffairs
1M
242
Image Credit: Securityaffairs
Russia warns financial sector organizations of IT service provider LANIT compromise
- Russia's NKTsKI warns financial sector organizations about a breach at major Russian IT service and software provider LANIT.
- The breach affected LANIT subsidiaries, LANTER and LAN ATMservice, potentially compromising their systems.
- The attack occurred on February 21, 2025, leading NKTsKI to recommend organizations to change passwords and strengthen monitoring.
- LANIT, a significant player in Russia's digital infrastructure, was previously sanctioned by the U.S. Treasury for facilitating Russia's acquisition of military technology.
Read Full Article
14 Likes
Arstechnica
1M
966
Image Credit: Arstechnica
How North Korea pulled off a $1.5 billion crypto heist—the biggest in history
- North Korea has pulled off a $1.5 billion crypto heist, the biggest in history.
- The theft occurred at the Dubai-based exchange Bybit, where over 400,000 ethereum and staked ethereum coins were stolen.
- The funds were transferred from a 'Multisig Cold Wallet' to one of the exchange's hot wallets and then moved into wallets controlled by the attackers.
- The techniques and laundering of the stolen funds suggest the involvement of threat actors working for North Korea.
Read Full Article
20 Likes
Securityaffairs
1M
35
Image Credit: Securityaffairs
A large botnet targets M365 accounts with password spraying attacks
- A botnet of 130,000+ devices is targeting Microsoft 365 (M365) accounts through password-spraying attacks, bypassing multi-factor authentication.
- The attackers exploit basic authentication, allowing them to steal credentials transmitted in plain form.
- The password-spray attacks are recorded in Non-Interactive Sign-In logs, often overlooked by security teams, enabling attackers to conduct high-volume attempts undetected.
- SecurityScorecard advises affected organizations to rotate credentials and reassess their authentication strategies to combat these ongoing botnet attacks.
Read Full Article
2 Likes
Cryptopotato
1M
17
Image Credit: Cryptopotato
Infini Suffers $49M Exploit in Stablecoin Heist
- Stablecoin Bank Infini lost $49 million in USDC in a security breach.
- The hacker misused retained administrative privileges to steal the funds.
- The attacker converted the stolen USDC to DAI and then to 17,696 ETH.
- The incident was caused by a developer who had secret administrative control over the platform.
Read Full Article
1 Like
For uninterrupted reading, download the app