North Korean Threat Actors
Federal prosecutors sentenced two U.S. nationals — Matthew Isaac Knoot of Nashville and Erick Ntekereze Prince of Naples, Florida — to 18 months each for running "laptop farms" that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies. They are the seventh and eighth
Threat Intelligence
ESET disclosed a North Korea-aligned APT37/ScarCruft supply-chain compromise of sqgame.net, a Yanbian-themed gaming platform serving the ethnic-Korean community on the China-North Korea border. Trojanized Android APKs deploy a new BirdCall backdoor port. The APKs are still live.
Threat Intelligence
North Korean threat actors have escalated their developer-targeting campaign by using an AI large language model to insert malicious npm dependencies into legitimate projects — operating through fake U.S.-registered companies and deploying full-featured remote access trojans targeting cryptocurrency wallets and developer infrastructure. GLOBAL — Cybersecurity researchers at ReversingLabs have documented
Threat Intelligence
An update on the macOS ClickFix threat: North Korean actors Sapphire Sleet and UNC1069 are now deploying AppleScript-based delivery chains and "Terminal-paste" lures to steal crypto-wallets and credentials from enterprise targets. SEOUL, SOUTH KOREA — The "ClickFix" social engineering phenomenon has officially evolved into a targeted nation-state
Crypto-Crime & Laundering
Blockchain security researchers and protocol developers have identified the North Korean state-sponsored Lazarus Group as the primary suspect in the staggering $290 million theft from Kelp DAO. SEOUL, KOR — The decentralized finance (DeFi) ecosystem is reeling after a sophisticated exploit targeted Kelp DAO, a leading liquid restaking protocol. Early on
Artificial Intelligence (AI)
OpenAI has taken the drastic step of rotating its developer signing certificates for macOS, forcing a mandatory update for all desktop users after a critical third-party library was linked to state-sponsored malware. SAN FRANCISCO, CA — OpenAI has confirmed it is rotating the digital certificates used to sign its macOS applications
Cyber Attacks
Drift Protocol, a prominent decentralized exchange (DEX) operating on the Solana blockchain, has been targeted in a massive exploit resulting in the loss of approximately $285 million. Leading blockchain forensic firms, including Elliptic, TRM Labs, and Chainalysis, have attributed the attack to threat actors associated with the Democratic People’s
Data Breaches
In one of the most consequential supply chain compromises of the year, security researchers have identified a sophisticated campaign to "poison" the widely used Axios software package. The attack, which targeted the npm registry used by millions of web developers, has been attributed by Google’s Threat Analysis