MAL-2026-5276 Malicious code in nucbox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e98ac1a9b5840905b608a09e8e66c73b750c0baa17d6b7789adfc94a8fd815e4 Versions 0.1.2, 0.1.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

Malicious code in nucbox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e98ac1a9b5840905b608a09e8e66c73b750c0baa17d6b7789adfc94a8fd815e4 Versions 0.1.2, 0.1.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

MAL-2026-5278 Malicious code in spateo-release (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

MAL-2026-5283 Malicious code in okite (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ec7e17ca2529781ce61d69b2d7e765c5e3e790d3ae2e2f187b006d710d7f9ed1 Versions 0.0.7, 0.0.8 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

MAL-2026-5285 Malicious code in ufish (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27371fa53e0e8e5e763b18b9bcadfd9b6991c720dd154d17bffeab0e7a139ef4 Versions 0.1.2, 0.1.3 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

Malicious code in synago (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bee487bb185457ca9e9d74e0963e23be3e84241a6bcd7d0bd5ca44855dd7d28b Versions 0.1.1, 0.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

Malicious code in spateo-release (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...

Malicious code in okite (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ec7e17ca2529781ce61d69b2d7e765c5e3e790d3ae2e2f187b006d710d7f9ed1 Versions 0.0.7, 0.0.8 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

MAL-2026-5277 Malicious code in pantheon-toolsets (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9c9711927907f09a0ef2b146d3aba3b8a06197b9af3f639d579015cdab7c0d5d Versions 0.5.5, 0.5.6 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed...

New Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords

The newly discovered Reaper malware bypasses Apple's macOS Tahoe 26.4 security updates to steal passwords, crypto assets, and install a permanent backdoor...

Navigating MiCA: A Practical Compliance Guide for European CASPs

MiCA creates a single EU crypto rulebook, replacing national regimes with unified licensing, capital, and compliance rules for all CASPs...

WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach

Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets. "A cyber attack occurred in one of our multi-signature wallets involving a loss of funds exceeding $230 million," the company said in a...

Dutch Court Sentences Tornado Cash Co-Founder to 5 Years in Prison for Money Laundering

A Dutch court on Tuesday sentenced one of the co-founders of the now-sanctioned Tornado Cash cryptocurrency mixer service to 5 years and 4 months in prison. While the name of the defendant was redacted in the verdict, it's known that Alexey Pertsev, a 31-year-old Russian national, had been awaiti...

Outdated Wallets Threatening Billions in Crypto Assets

By Waqas The vulnerability is dubbed Randstorm, impacting browser-generated wallets created between 2011 and 2015. This is a post from HackRead.com Read the original post: Outdated Wallets Threatening Billions in Crypto Assets...

New Variant of BlackGuard Stealer Malware Steals Sensitive Information and Crypto Wallets

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of the BlackGuard stealer malware that propagates through removable media and hijacks crypto wallets. It can steal sensitive information from various applications and supports stealing...

SEC Plans to Hire More Staff in Crypto Enforcement Unit to Fight Frauds

The U.S. Securities and Exchange Commission SEC on Tuesday announced that it will expand and rebrand its Cyber Unit to fight against cyber-related threats and protect investors in cryptocurrency markets. To that end, the SEC is renaming the Cyber Unit within the Division of Enforcement to Crypto...

Rarible NFT Market Vulnerability Authorized Attackers to Transfer Crypto Assets

By Deeba Ahmed The vulnerability could allow attackers to steal crypto and NFT tokens in a single transaction if exploited. Check… This is a post from HackRead.com Read the original post: Rarible NFT Market Vulnerability Authorized Attackers to Transfer Crypto Assets...

‘CryptoRom’ Crypto Scam is Back via Side-Loaded Apps

For about a year now, crypto-traders and lovelorn singles alike have been losing their money to CryptoRom, a malware campaign that combines catfishing with crypto-scamming. According to research from Sophos, CryptoRom’s perpetrators have now improved their techniques. They’re leveraging new iOS...

Crypto vulnerability management

In this blog series, weve discussed in detail how crypto assets and currencies are no longer passing fads. Even if your C-suite remains skeptical, security leaders and teams cant afford to keep watching, waiting, and speculating about whats going to happen or when your organization will be direct...

Payments paradigm shift

Crypto assets have been around for over a decade, and with the recent Coinbase IPO, we believe we are well past the point of calling this a "passing fad." In fact, we believe that crypto assets -- particularly bitcoin -- have now passed the tipping point from being considered an unconventional...