London Police can’t say if they nabbed the 17-year-old suspected mastermind & multimillionaire – but researchers say they’ve been tracking an Oxford teen since mid-2021.
Security
Microsoft Azure Developers Awash in PII-Stealing npm Packages
A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.
Threatpost
Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug
A patch fixes exploit hidden in Elden Ring that traps PC players in a ‘death loop.’
Threatpost
HubSpot Data Breach Ripples Through Crytocurrency Industry
~30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG, providing an uncomfortable reminder about how much data CRM systems snarf up.
Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection
Mustang Panda’s already sophisticated cyberespionage campaign has matured even further with the introduction of a brand-new PlugX RAT variant.
Threatpost
Top 3 Attack Trends in API Security – Podcast
Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.
Tax-Season Scammers Spoof Fintechs Stash, Public
Threat actors are impersonating such wildly popular personal-finance apps (which are used more than social media or streaming services) to try to fool people into giving up their credentials.
Microsoft Help Files Disguise Vidar Malware
Attackers are hiding interesting malware in a boring place, hoping victims won’t bother to look.
Threatpost
DeadBolt Ransomware Resurfaces to Hit QNAP Again
A new steady stream of attacks against network-attached storage devices from the Taiwan-based vendor is similar to a wave that occurred in January.
Threatpost
Microsoft: Lapsus$ Used Employee Account to Steal Source Code
The data-extortion gang got at Microsoft’s Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack.
Threatpost