Cryptocurrency Theft Archives • Daily CyberSecurity

North Korea-Aligned Void Dokkaebi Evolves with Binary Obfuscation Void Dokkaebi Cython malware

North Korea-Aligned Void Dokkaebi Evolves with Binary Obfuscation

Do Son May 28, 2026

North Korea-aligned threat actors are updating their malicious toolsets to target software developers globally. Specifically, TrendAI Research...

Velvet Chollima Leaves Backend Keys Inside Critical GitLab Dead-Drop Malware Velvet Chollima GitLab Malware Tralert FX EV Certificate

Velvet Chollima Leaves Backend Keys Inside Critical GitLab Dead-Drop Malware

Do Son May 20, 2026

A routine investigation into a low-detection installer has blown the doors off a highly organized, financially motivated...

Scotland Man Pleads Guilty in Massive $8 Million Crypto-Heist and Phishing Campaign Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Scotland Man Pleads Guilty in Massive $8 Million Crypto-Heist and Phishing Campaign

Do Son April 21, 2026

A 24-year-old Dundee man has admitted his role in a sophisticated international cybercrime ring that utilized SMS...

The Proxifier Trap: The “Fileless” Marathon Stealing Your Crypto Proxifier Trojan Crypto ClipBanker

The Proxifier Trap: The “Fileless” Marathon Stealing Your Crypto

Do Son April 14, 2026

In the world of network administration and secure development, specialized tools like “proxifiers” are essential for tunneling...

Beyond the Hook: Unmasking SnappyClient, the HijackLoader-Linked Stealth Stealer Targeting Crypto SnappyClient HijackLoader

Beyond the Hook: Unmasking SnappyClient, the HijackLoader-Linked Stealth Stealer Targeting Crypto

Do Son March 25, 2026

Security researchers at Zscaler ThreatLabz have unmasked a sophisticated new command-and-control (C2) framework implant they’ve dubbed SnappyClient....

North Korean APT Unleashes DEV#POPPER RAT via GitHub to Drain Crypto Wallets DEV#POPPER OmniStealer

North Korean APT Unleashes DEV#POPPER RAT via GitHub to Drain Crypto Wallets

Do Son March 11, 2026

The eSentire’s Threat Response Unit (TRU) recently uncovered a sophisticated campaign involving a Remote Access Trojan (RAT)...

Fake CleanMyMac Site Unleashes SHub Stealer to Drain macOS Crypto Wallets SHub Stealer Mac Malware

Fake CleanMyMac Site Unleashes SHub Stealer to Drain macOS Crypto Wallets

Do Son March 10, 2026

Mac users are the target of a convincing new “brand impersonation” campaign that turns the popular utility...

Fake Jobs, Real Theft: “Contagious Interview” Malware Drains Crypto Wallets Contagious Interview Campaign MetaMask Malware

Fake Jobs, Real Theft: “Contagious Interview” Malware Drains Crypto Wallets

Do Son February 18, 2026

A notorious North Korean cyber espionage campaign targeting the tech sector has evolved with a dangerous new...

Fake CEO, Real Hack: North Korea Uses AI Deepfakes to Steal Crypto UNC1069 Deepfake Attack Cryptocurrency Malware

Fake CEO, Real Hack: North Korea Uses AI Deepfakes to Steal Crypto

Do Son February 11, 2026

North Korean threat actors are leveling up their social engineering game, using AI-generated deepfakes and sophisticated malware...

Hydra Tactics: North Korea’s LABYRINTH CHOLLIMA Splits to Hunt Crypto & Secrets Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Iranian Hacktivists Operation Epic Fury Cyber New Generation Warfare Russian Hybrid Escalation Plex data breach Water Systems Cybersecurity - Threat Actor Naming Standard

Hydra Tactics: North Korea’s LABYRINTH CHOLLIMA Splits to Hunt Crypto & Secrets

Do Son February 3, 2026

One of North Korea’s most aggressive cyber units has undergone a major strategic evolution, splitting into three...

Mac Users Beware: “MacSync” Malware Tricks You Into Hacking Yourself MacSync Malware macOS ClickFix

Mac Users Beware: “MacSync” Malware Tricks You Into Hacking Yourself

Do Son January 23, 2026

A sophisticated new malware campaign is targeting macOS users with a lethal combination of social engineering and...

The Fake “RedLine”: Imposter Malware Hijacks Crypto Wallets on Discord RedLineCyber Clipboard Hijacker TangleCrypt Packer, STONESTOP EDR Killer Gamaredon APT - BoneSpy and PlainGnome

RedLineCyber Clipboard Hijacker TangleCrypt Packer, STONESTOP EDR Killer Gamaredon APT - BoneSpy and PlainGnome

The Fake “RedLine”: Imposter Malware Hijacks Crypto Wallets on Discord

Do Son January 19, 2026

A sophisticated new cybercrime operation is preying on the trust of the cryptocurrency community by masquerading as...

NodeCordRAT: The Trojan Hiding in NPM to Steal Crypto via Discord NodeCordRAT NPM Supply Chain Attack

NodeCordRAT: The Trojan Hiding in NPM to Steal Crypto via Discord

Do Son January 9, 2026

The open-source ecosystem has once again been weaponized, this time targeting developers working with cryptocurrency libraries. In...

“React2Shell” Exploited: New EtherRAT Malware Hunts for Crypto via Node.js NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

“React2Shell” Exploited: New EtherRAT Malware Hunts for Crypto via Node.js

Do Son December 23, 2025

A new, sophisticated malware campaign is sweeping across the internet, leveraging a recently disclosed vulnerability to install...

Poisoned Dependencies: How Nethereum.All and 10M+ Fake Downloads Looted .NET Crypto Developers Nethereum.All Malicious Package, NuGet Supply Chain

Nethereum.All Malicious Package, NuGet Supply Chain

Poisoned Dependencies: How Nethereum.All and 10M+ Fake Downloads Looted .NET Crypto Developers

Do Son December 19, 2025

A sophisticated supply chain campaign targeting .NET developers working with cryptocurrency has been uncovered, revealing a network...

macOS Wallet Stealer Uncovered: “Nova” Malware Replaces Ledger/Trezor Apps with Phishing Clones for Seed Theft macOS Wallet Stealer, Trezor Ledger Phishing

macOS Wallet Stealer, Trezor Ledger Phishing

macOS Wallet Stealer Uncovered: “Nova” Malware Replaces Ledger/Trezor Apps with Phishing Clones for Seed Theft

Do Son November 19, 2025

A new macOS stealer campaign—internally dubbed “Nova” by researchers—has been uncovered by reverse engineer Bruce, revealing a...

Australia Joins US, Slaps Sanctions on North Korean Cybercriminals for Funding WMD Programs North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Australia Joins US, Slaps Sanctions on North Korean Cybercriminals for Funding WMD Programs

Do Son November 11, 2025

The Australian Government has announced financial sanctions and travel bans on four entities and one individual involved...

Vidar Infostealer Hits npm for the First Time via 17 Typosquatted Packages and Postinstall Scripts Vidar npm Supply Chain, Typosquatting

Vidar Infostealer Hits npm for the First Time via 17 Typosquatted Packages and Postinstall Scripts

Do Son November 10, 2025

Researchers at Datadog Security Research have uncovered a major supply-chain compromise in the npm ecosystem involving 17...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

GlassWorm Supply Chain Worm Uses Invisible Unicode and Solana Blockchain for Stealth C2

Do Son October 20, 2025

Cybersecurity researchers at Koi Security have discovered the world’s first self-propagating malware targeting VS Code extensions on...

New Lone None Stealer Malware Hijacks Crypto Wallets via Fake Copyright Takedown Notices BingX cyberattack FortiGate SSO Attacks Firewall Config Theft

BingX cyberattack FortiGate SSO Attacks Firewall Config Theft

New Lone None Stealer Malware Hijacks Crypto Wallets via Fake Copyright Takedown Notices

Do Son September 26, 2025

Cofense Intelligence has uncovered an evolving phishing campaign that uses copyright takedown notices as its primary lure....

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Cryptocurrency Theft

North Korea-Aligned Void Dokkaebi Evolves with Binary Obfuscation

Velvet Chollima Leaves Backend Keys Inside Critical GitLab Dead-Drop Malware

Scotland Man Pleads Guilty in Massive $8 Million Crypto-Heist and Phishing Campaign

The Proxifier Trap: The “Fileless” Marathon Stealing Your Crypto

Beyond the Hook: Unmasking SnappyClient, the HijackLoader-Linked Stealth Stealer Targeting Crypto

North Korean APT Unleashes DEV#POPPER RAT via GitHub to Drain Crypto Wallets

Hydra Tactics: North Korea’s LABYRINTH CHOLLIMA Splits to Hunt Crypto & Secrets

NodeCordRAT: The Trojan Hiding in NPM to Steal Crypto via Discord

“React2Shell” Exploited: New EtherRAT Malware Hunts for Crypto via Node.js

Poisoned Dependencies: How Nethereum.All and 10M+ Fake Downloads Looted .NET Crypto Developers

macOS Wallet Stealer Uncovered: “Nova” Malware Replaces Ledger/Trezor Apps with Phishing Clones for Seed Theft

Australia Joins US, Slaps Sanctions on North Korean Cybercriminals for Funding WMD Programs

Vidar Infostealer Hits npm for the First Time via 17 Typosquatted Packages and Postinstall Scripts

GlassWorm Supply Chain Worm Uses Invisible Unicode and Solana Blockchain for Stealth C2

New Lone None Stealer Malware Hijacks Crypto Wallets via Fake Copyright Takedown Notices