Malicious npm Package Poses as Tailwind Tool
A malicious package in the npm open source code repository is hitching a social engineering ride on the "Tailwind" legitimate software library tool, which millions of application developers use...
Tribe DAO votes in favor of repaying victims of $80M Rari hack
After months of uncertainty, the Tribe DAO has passed a vote to repay affected users of the $80 million exploit on decentralized finance (DeFi) platform Rari Capital’s liquidity pools.Following...
Crypto bug bounty platform Immunefi raises $24M led by Framework Ventures
Web3 bug bounty and security services platform Immunefi has closed a $24 million Series A funding round, putting the company on track to scale its in-house capacity amid widespread...
Threat Actor Abuses LinkedIn’s Smart Links Feature to Harvest Credit Cards
A malicious campaign targeting Internet users in Slovakia is serving up another reminder of how phishing operators frequently leverage legitimate services and brands to evade security controls.In this instance,...
Sophisticated Hermit Mobile Spyware Heralds Wave of Government Surveillance
While NSO Group's Pegasus spyware is perhaps the highest-profile surveillance weapon used by repressive governments against civil society, a recently discovered, powerful mobile reconnaissance malware dubbed Hermit has come...
White hat finds huge vulnerability in Ethereum–Arbitrum bridge: Wen max bounty?
A self-described white hat hacker has uncovered a “multi-million dollar vulnerability” in the bridge linking Ethereum and Arbitrum Nitro and received a 400 Ether (ETH) bounty for their find.Known...
The impact of the Wintermute hack could have been worse than 3AC, Voyager and...
Most crypto investors probably never heard of Wintermute Trading before the Sept. 20 $160 million hack, but that does not reduce their significance within the cryptocurrency ecosystem. The London-based...
ChromeLoader Malware Evolves into Prevalent, More Dangerous Cyber Threat
Security researchers are sounding the alarm on the malware tool dubbed ChromeLoader. It first surfaced in January as a consumer-focused, browser-hijacking credential stealer but has now evolved into a widely prevalent...
Alternative payment apps such as AliPay a boon for cybercriminals, experts tell Congress
Written by Tonya Riley Sep 20, 2022 |...
Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords
Spell-checking features present in both the Google Chrome and Microsoft Edge browsers are leaking sensitive user information — including username, email, and passwords — to Google and Microsoft, respectively,...
