#CryptoTheft

eicker.crypto crypto newscrypto@eicker.news
2026-01-18

#Monero’s price surged to an all-time high, potentially driven by a multi-million dollar #cryptotheft. The attacker converted stolen #Litecoin and #Bitcoin to Monero, causing a sharp increase in #XMR’s price. While details of the theft remain unclear, several suspected wallets have been identified. theblock.co/post/386014/monero #crypto #blockchain

2026-01-02

Morning, cyber practitioners! It's been a busy start to the year with significant breaches impacting government contractors and healthcare, ongoing crypto theft linked to past compromises, and new insights into nation-state activity. We're also seeing an old Fortinet vulnerability still being actively exploited, and regulators are taking a hard look at AI deepfakes. Let's dive in:

Recent Cyber Attacks and Breaches ⚠️

- Sedgwick Government Solutions, a major federal contractor, confirmed a cyber incident affecting an isolated file transfer system, with the TridentLocker ransomware gang claiming 3.4 GB of data theft. The company states no wider systems or claims management servers were impacted.
- Covenant Health, a Catholic healthcare provider, has revised the impact of its May 2025 data breach to nearly 478,188 patients. The Qilin ransomware group claimed responsibility, having stolen 852 GB of data, including names, SSNs, health insurance, and treatment details.
- Trust Wallet's browser extension suffered an $8.5 million crypto theft from over 2,500 wallets, linked to exposed GitHub developer secrets and a leaked Chrome Web Store API key. Attackers published a malicious JavaScript file in a trojanised extension, bypassing internal review, and the incident is believed to be related to the "industry-wide" Shai-Hulud NPM supply chain attack.
- Ongoing cryptocurrency thefts, totalling over $35 million, have been traced back to the 2022 LastPass breach, with attackers gradually decrypting stolen encrypted vaults containing private keys and seed phrases. TRM Labs successfully "demixed" funds laundered through Wasabi Wallet's CoinJoin, linking the activity to the Russian cybercrime ecosystem.
- A cybercrook claims to be selling 139 GB of engineering data from Pickett and Associates, a firm serving major US utilities like Tampa Electric Company, Duke Energy Florida, and American Electric Power, for 6.5 Bitcoin. The alleged data includes LiDAR files, orthophotos, and design files, highlighting the increasing targeting of critical infrastructure.

πŸ—žοΈ The Record | therecord.media/sedgwick-cyber
πŸ€– Bleeping Computer | bleepingcomputer.com/news/secu
πŸ—žοΈ The Record | therecord.media/covenant-healt
πŸ€– Bleeping Computer | bleepingcomputer.com/news/secu
πŸ€– Bleeping Computer | bleepingcomputer.com/news/secu
πŸ•΅πŸΌ The Register | go.theregister.com/feed/www.th

New Threat Research and Tradecraft 🛡️

- Transparent Tribe (APT36) is targeting Indian governmental, academic, and strategic entities with new RAT attacks. The campaign uses weaponised LNK files disguised as PDFs, executing a remote HTA script that loads the RAT directly into memory, with persistence mechanisms adapting based on detected antivirus solutions.
- Cybercriminals are abusing Google Cloud's Application Integration "Send Email" feature to send phishing emails from a legitimate `noreply-application-integration@google[.]com` address, bypassing DMARC and SPF checks. The multi-stage attack uses Google Cloud services for redirection and a fake CAPTCHA before leading to a credential-stealing Microsoft login page.

📰 The Hacker News | thehackernews.com/2026/01/tran
🗞️ The Record | therecord.media/pakistan-linke
📰 The Hacker News | thehackernews.com/2026/01/cybe

Actively Exploited Vulnerability 🚨

- Over 10,000 Fortinet firewalls remain exposed to CVE-2020-12812, a critical (9.8 severity) five-year-old 2FA bypass vulnerability in FortiGate SSL VPN. Attackers are actively exploiting this flaw when username case is changed and LDAP is enabled, with state-sponsored groups and ransomware actors having leveraged it since at least 2021.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Regulatory Spotlight on AI Deepfakes ⚖️

- European regulators, including France and the UK, are considering action against Elon Musk's X after its AI tool Grok was used to create sexually explicit deepfakes of a minor. The UK plans to ban "nudification tools," intensifying the debate between European content moderation efforts and X's stance on free speech.

πŸ—žοΈ The Record | therecord.media/europe-regulat

Law Enforcement & Cybersecurity Recognition 🏅

- Gavin Webb of the National Crime Agency (NCA) has been awarded an OBE by King Charles for his strategic coordinating role in Operation Cronos, the international law enforcement effort that disrupted the LockBit ransomware group. LockBit was responsible for a quarter of all ransomware attacks between 2023-2024.
- British security researcher Jacob Riggs has secured Australia's rare Subclass 858 National Innovation visa after discovering a critical vulnerability in the Department of Foreign Affairs and Trade (DFAT) systems, demonstrating his commitment to cybersecurity.
- Ilya Lichtenstein, who pleaded guilty to money laundering related to the 2016 Bitfinex crypto theft, has been released early after serving approximately 14 months, attributing his release to Trump's First Step Act. His wife, Heather Morgan, also received an early release.

πŸ•΅πŸΌ The Register | go.theregister.com/feed/www.th
πŸ•΅πŸΌ The Register | go.theregister.com/feed/www.th
πŸ•΅πŸΌ The Register | go.theregister.com/feed/www.th

#CyberSecurity #ThreatIntelligence #Ransomware #Phishing #APT #TransparentTribe #LockBit #Fortinet #Vulnerability #Deepfake #AI #CryptoTheft #LastPass #CriticalInfrastructure #InfoSec #IncidentResponse

2025-12-25

It's been a bit quiet over the last 24 hours, but we still have some critical updates on ongoing exploitation and the long-term fallout from a major breach. Let's dive in:

LastPass 2022 Breach Still Fueling Crypto Thefts 💰

- TRM Labs reports that encrypted vault backups from the 2022 LastPass breach are still being exploited, with attackers cracking weak master passwords to drain cryptocurrency assets as recently as late 2025.
- Over $35 million in digital assets have been siphoned, with evidence pointing to Russian cybercriminal involvement through the use of associated infrastructure and high-risk exchanges like Cryptex and Audia6.
- This underscores the critical importance of strong, unique master passwords and prompt credential rotation following any breach, as a single incident can lead to multi-year theft campaigns.

📰 The Hacker News | thehackernews.com/2025/12/last

Actively Exploited Vulnerabilities in Fortinet and Digiever Devices 🛡️

- Fortinet has warned of active exploitation of a five-year-old 2FA bypass vulnerability (CVE-2020-12812) in FortiOS SSL VPN, allowing authentication without the second factor under specific LDAP configurations.
- CISA has added a post-authentication Remote Code Execution (RCE) flaw (CVE-2023-52163) in Digiever DS-2105 Pro NVRs to its KEV catalog, with attackers using it to deploy Mirai and ShadowV2 botnets.
- Organisations should immediately apply Fortinet's recommended mitigations (patches or CLI commands) and for Digiever NVRs, ensure devices are not internet-exposed, change default credentials, or discontinue use given its End-of-Life status.

📰 The Hacker News | thehackernews.com/2025/12/fort
📰 The Hacker News | thehackernews.com/2025/12/cisa

#CyberSecurity #ThreatIntelligence #Vulnerability #RCE #Fortinet #Digiever #LastPass #DataBreach #CryptoTheft #IncidentResponse #InfoSec #CyberAttack #2FA

2025-11-05

North Korea's cyber underworld isn't just about stolen crypto—it's a high-stakes game of digital heists funding weapons programs. How far will their cyber tricks go?

thedefendopsdiaries.com/north-

#northkorea
#cybercrime
#cryptotheft
#sanctionsevasion
#moneylaundering

2025-10-14

Beware, devs! A new scam group is disguising crypto-stealing malware as trusted VSCode extensions. Is your code safe? Read on and stay one step ahead.

thedefendopsdiaries.com/malici

#vscode
#malware
#cryptotheft
#tigerjack
#cybersecurity
#devsecops
#socialengineering
#openvsx
#infosec

2025-09-25

Xcode devs, beware: a new macOS malware variant is sneaking into projects by disguising itself as a trusted app—and even hijacking clipboard crypto transactions. Curious how it evades detection?

thedefendopsdiaries.com/xcsset

#xcsset
#macosmalware
#xcode
#supplychainattack
#cybersecurity
#malwareanalysis
#obfuscation
#cryptotheft
#browsersecurity

2025-09-24

GitHub notifications trusted you, right? Now imagine them doubling as a gateway for a Y Combinator scam that stole crypto. One subtle typo in a domain and hackers had developers in their sights. Stay vigilant—this one’s a wake-up call!

thedefendopsdiaries.com/github

#githubsecurity
#phishing
#cryptotheft
#socialengineering
#infosec
#web3security
#zerotrust
#cybersecurity
#domainspoofing

2025-09-22

What if your favorite game turned into your worst enemy? Block Blasters went from a hit platformer to a crypto heist tool, stealing donations and exposing shocking security flaws. Curious how it all went down?

thedefendopsdiaries.com/block-

#steamsecurity
#cryptotheft
#cybercrime
#gamingscams
#platformsecurity

🐦‍🔥nemo™🐦‍⬛ 🇺🇦 nemo@mas.to
2025-09-10

🚨 Major supply chain attack hits #NodeJS packages via npm, affecting billions of downloads weekly! Malicious code targets crypto wallets to hijack transactions 🚀 Encryption experts warn: watch out for obfuscated malware in popular libs like chalk & debug. Stay vigilant! 🛡️ heise.de/en/news/Major-attack- #Cybersecurity #CryptoTheft #npmAttack
#newz

Paxion Cybersecurity PaxionCyber
2025-08-08

🚨 GreedyBear Attack: $1M Stolen 🚨

A cybercrime group executed a major crypto scam, using AI and 650 tools to steal over $1M.

🎯 Your crypto isn’t just money. It’s a target.

DM us to protect your crypto & your credentials.

IT Insights ITinsights
2025-07-15

🚨 Cyber Alert: Cursor IDE extension steals $500k in crypto! Developers, be vigilant when installing extensions. Protect your crypto and data!
itinsights.nl/cybersecurity/cu

2025-07-09

Our next special issue is coming out soon and if you want to read it, you will need a subscription. In the meantime, here's a preview of the subject in a podcast with Mike Towers of Veza. StrikeReady Vinod Goje FedEx ACC #cryptotheft #predatorysparrow

cyberprotection-magazine.com/p

2025-06-24

📱 Malicious apps on Google Play & App Store have been stealing users' photos and crypto. Always vet apps and monitor permissions closely!
#MobileSecurity #CryptoTheft 🕵️‍♂️📸

bleepingcomputer.com/news/secu

Geekoo geekoo
2025-06-14

That trusted Discord link could now lead to stolen crypto and full system compromise.

geekoo.news/discord-links-hija

2025-06-13

Discord's expired invite links are getting a dangerous makeover. Cybercriminals are turning them into gateways for malware, snatching crypto wallets and sensitive data. How safe is your digital hangout?

thedefendopsdiaries.com/discor

#discordsecurity
#malwarecampaigns
#cybersecurity
#cryptotheft
#infosectrends

🐦‍🔥nemo™🐦‍⬛ 🇺🇦 nemo@mas.to
2025-06-13

🚨 Check Point Research warns: Expired #Discord invite links are being hijacked by cybercriminals! Attackers re-register old links to lure users into malicious servers, spreading #malware like AsyncRAT & Skuld Stealer targeting crypto wallets & credentials. Stay alert! 🔗👇
cyberinsider.com/expired-disco
#CyberSecurity #Phishing #CryptoTheft #newz

BGDon 🇨🇦 🇺🇸 👨‍💻 BrentD@techhub.social
2025-05-19

With all that Crypto comes personal security concerns! techcrunch.com/2025/05/18/cryp

Example: Teens kidnapped a man at gunpoint after he was returning from a crypto event in Las Vegas, before driving him an hour outside of the city and robbing him of $4 million in crypto and non-fungible tokens. cointelegraph.com/news/florida

#Crypto #CryptoTheft #Security #NFTs #Robbery #extortion #Bitcoin #Personalsafety #PrivateSecurity
