Lucene search
K

750 matches found

Microsoft Secure
Microsoft Secure
added 2026/05/06 3:20 p.m.15 views

ClickFix campaign uses fake macOS utilities lures to deliver infostealers

In this article 1. Activity overview 2. Mitigation and protection guidance 3. Hunting queries 4. Indicators of compromise Microsoft researchers continue to observe the evolution of an infostealer campaign distributing ClickFix‑style instructions and targeting macOS users. In this recent iteration...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.10 views

Age Verification in the Web -- Holy Grail to Control Access to Restricted Content

Age verification before accessing restricted content is critical to protecting minors from exposure to harmful material such as pornography, gambling, violence, hateful speech, and substance purchases like alcohol and tobacco. Currently, the absence of reliable age-checking mechanisms allows...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/24 11:48 a.m.11 views

26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025. "Once launched, these apps redirect users to browser pages designed to look...

6.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/04/22 12:30 p.m.6 views

Malicious trading website drops malware that hands your browser to attackers

During our threat hunting, we found a campaign using the same malware loader from our previous research to deliver a different threat: Needle Stealer , data-stealing malware designed to quietly harvest sensitive information from infected devices, including browser data, login sessions, and...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/21 7:3 a.m.7 views

Malicious code in typelimagic (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7fcef0c386cca43024460aa4a1b47a99109e4ba02159a8fbe426c12f9884a83e Clone of a legitimate library. The added code scans system for sensitive files, with the focus on crypto currency wallets, and exfiltrate them. Previous versio...

6AI score
Exploits0References1
OSV
OSV
added 2026/04/21 7:3 a.m.9 views

MAL-2026-2963 Malicious code in typelimagic (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7fcef0c386cca43024460aa4a1b47a99109e4ba02159a8fbe426c12f9884a83e Clone of a legitimate library. The added code scans system for sensitive files, with the focus on crypto currency wallets, and exfiltrate them. Previous versio...

6AI score
Exploits0References1
Securelist
Securelist
added 2026/04/20 9:22 a.m.9 views

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected ap...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/04/20 9:1 a.m.5 views

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected ap...

5.8AI score
Exploits0
HackRead
HackRead
added 2026/04/17 9:25 a.m.7 views

New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files

Hackers spread CGrabber and Direct-Sys malware through GitHub ZIP files, bypassing security tools to steal passwords, crypto wallets, and user data...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/16 1:22 p.m.15 views

CVE-2025-69893

A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant...

4.6CVSS6AI score0.00246EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/04/15 10:37 a.m.7 views

From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere

We’ve uncovered multiple campaigns distributing an infostealer we track as NWHStealer , using everything from fake VPN downloads to hardware utilities and gaming mods. What makes this campaign stand out isn’t just the malware, but how widely and convincingly it’s being spread. Once installed, it...

6AI score
Exploits0
OSV
OSV
added 2026/04/15 6:24 a.m.15 views

MAL-2026-2827 Malicious code in js-logger-pack (npm)

js-logger-pack is a fake npm logger that the attacker developed openly on the registry over 23 versions across two weeks 2026-04-01 to 2026-04-15. Version 1.1.20, published hours after initial detection, is a re-obfuscation of the same payload with a new hash — same C2, same capabilities. Early...

5.8AI score
Exploits0References2
EUVD
EUVD
added 2026/04/14 3:30 p.m.4 views

EUVD-2025-209448

A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant...

6AI score0.00246EPSS
Exploits0References3
NVD
NVD
added 2026/04/14 3:16 p.m.6 views

CVE-2025-69893

A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant...

4.6CVSS0.00246EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/04/14 11:52 a.m.7 views

Omnistealer uses the blockchain to steal everything it can

A new infostealer dubbed Omnistealer is turning the blockchain into a permanent malware hosting platform, which is bad news for both companies and everyday users. It’s pretty common for malware to store its payload on a public platform, ideally one that adds some trustworthiness to the download...

6AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:0 a.m.4 views

CVE-2025-69893

A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant...

6AI score0.00246EPSS
Exploits0References3
CVE
CVE
added 2026/04/14 12:0 a.m.7 views

CVE-2025-69893

CVE-2025-69893 describes a side-channel vulnerability in BIP-39 mnemonic processing observed in Trezor hardware wallets (One v1.13.0–v1.14.0, T v1.13.0–v1.14.0, Safe v1.13.0–v1.14.0). The root cause is non-constant time execution and specific branch patterns during word search dictated by the BIP...

4.6CVSS6AI score0.00246EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/04/09 5:26 p.m.6 views

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs

Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit SDK called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same device to bypass Android security sandbox...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/09 1:21 p.m.7 views

Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk

In this article 1. Technical details 2. Disclosure timeline 3. Mitigation and protection guidance 4. References 5. Learn more During routine security research, we identified a severe intent redirection vulnerability in a widely used third-party Android SDK called EngageSDK. This flaw allows apps ...

5.8AI score
Exploits0
HackRead
HackRead
added 2026/04/09 11:54 a.m.8 views

New macOS Malware notnullOSX Targets Crypto Wallets Over $10K

macOS Malware notnullOSX targets crypto wallets over $10K, using fake apps, Terminal tricks, and backdoors to steal funds and sensitive data...

5.9AI score
Exploits0
Rows per page
Query Builder