Monday, April 07, 2025

The Hacker News | #1 Trusted Source for Cybersecurity News

The Evolution Of Hacker News | TechCrunch

TOP STORIES 
PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks

Apr 07, 2025 Cloud Security / Cryptocurrency
A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims' digital wallets. "Recipients of the bulk spam are targeted with a cryptocurrency seed phrase poisoning attack," Silent Push said in an analysis. "As part of the attack, PoisonSeed provides security seed phrases to get potential victims to copy and paste them into new cryptocurrency wallets for future compromising." Targets of PoisonSeed include enterprise organizations and individuals outside the cryptocurrency industry. Crypto companies like Coinbase and Ledger, and bulk email providers such as Mailchimp, SendGrid, Hubspot, Mailgun, and Zoho are among the targets. The activity is assessed to be distinct from two loosely aligned threat actors, Scattered Spider and CryptoChameleon, whi...
Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws

Apr 05, 2025 Malware / Operational Security
A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, painting a picture of a "conflicted" individual straddling a legitimate career in cybersecurity and pursuing cybercrime. In a new extensive analysis published by Outpost24 KrakenLabs, the Swedish security company unmasked the up-and-coming cybercriminal, who, about 10 years ago, fled his hometown in Kharkov, Ukraine, to a new place somewhere near the Romanian coast. The vulnerabilities were credited by Microsoft to a party named "SkorikARI with SkorikARI," which has been assessed to be another username used by EncryptHub. The flaws in question, both of which were fixed by Redmond as part of its Patch Tuesday update last month, are below -
CVE-2025-24061 (CVSS score: 7.8) - Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability
CVE-2025-24071 (CVSS score: 6.5) - Microsoft Windo...
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

Apr 05, 2025 Malware / Supply Chain Attack
The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader. "These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation in the threat actors' obfuscation techniques," Socket security researcher Kirill Boychenko said in a report. The packages in question, which were collectively downloaded more than 5,600 times prior to their removal, are listed below - empty-array-validator, twitterapis, dev-debugger-vite, snore-log, core-pino, events-utils, icloud-cod, cln-logger, node-clog, consolidate-log, consolidate-logger. The disclosure comes nearly a month after a set of six npm packages were discovered distributing BeaverTail, a JavaScript stealer that's also capable of delivering a Python-b...
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

Apr 05, 2025 Malware / Supply Chain Attack
Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information and test stolen credit card data. Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package discovered by Socket, disgrasya, contained a fully automated carding script targeting WooCommerce stores. The packages attracted hundreds of downloads before being taken down, according to statistics from pepy.tech -
bitcoinlibdbfix - 1,101 downloads
bitcoinlib-dev - 735 downloads
disgrasya - 37,217 downloads
"The malicious libraries both attempt a similar attack, overwriting the legitimate 'clw cli' command with malicious code that attempts to exfiltrate sensitive database files," ReversingLabs said. In an interesting twist, the authors of the counterfeit libraries are s...
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack

Apr 04, 2025 Vulnerability / Open Source
The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. "The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular open-source tool for static analysis of bugs in code," Palo Alto Networks Unit 42 said in an update this week. "This enabled the attackers to move laterally between SpotBugs repositories, until obtaining access to reviewdog." There is evidence to suggest that the malicious activity began as far back as late November 2024, although the attack against Coinbase did not take place until March 2025. Unit 42 said its investigation began with the knowledge that reviewdog's GitHub Action was compromised due to a leaked PAT associated with the project's maintainer. This subsequen...
Have We Reached a Distroless Tipping Point?

Apr 04, 2025 Application Security / DevSecOps
There's a virtuous cycle in technology that pushes the boundaries of what's being built and how it's being used. A new technology development emerges and

 

1. We built an open-source code scanner to find issues in prompts and LLM calls (github.com/kereva-dev)
1 point by imalikshake 0 minutes ago

2. Scaling AI agent tooling: ideas for dynamic discovery and execution workflows
1 point by artski 2 minutes ago

3. Size Matter (pgdba.org)
1 point by soheilpro 3 minutes ago

4. Pico: Language Model Learning Dynamics Framework (picolm.io)
1 point by ferriswil 5 minutes ago | 1 comment

5. The JSONification of Everything (sourcetms.com)
1 point by sourcetms 7 minutes ago

6. Get your engineers in front of customers (soeren.codes)
1 point by CER10TY 8 minutes ago

7. Airfone (computer.rip)
2 points by todsacerdoti 8 minutes ago

8. DeepSeek and Tsinghua Developing Self-Improving AI Models (bloomberg.com)
3 points by polrjoy 13 minutes ago

9. PHP/Symfony – All in One Symfony SEO Bundle (packagist.org)
1 point by coding_addict 23 minutes ago

10. Your Startup Doesn't Need to Be a Unicorn (mattgiustwilliamson.substack.com)
2 points by MattSWilliamson 25 minutes ago

11. RISC-V vector extension overview (0x80.pl)
1 point by fanf2 26 minutes ago

12. With new contracts, SpaceX will become the US military's top launch provider (arstechnica.com)
4 points by 01-_- 26 minutes ago

13. Unexpected Polymorphism Pitfalls of Structured LLM Outputs (cpdoyle.me)
2 points by chrisdirl 29 minutes ago

14. JavaScript Font Picker (jsfontpicker.com)
1 point by Seb-C 30 minutes ago

15. Russia's secret war in UK waters (thetimes.com)
5 points by AndrewDucker 30 minutes ago

16. A Problem About Pigeons Powers Complexity Theory (quantamagazine.org)
2 points by isaacfrond 30 minutes ago

17. Show HN: Helpedby AI – Multi LLMs chat with auto router, agentic RAG, MCP, etc. (helpedby.ai)
1 point by mgilangjanuar 31 minutes ago

18. Quantum mechanics might have the solution to joystick drift (theverge.com)
1 point by isaacfrond 39 minutes ago

19. Willaireplacedevelopers.com (willaireplacedevelopers.com)
2 points by Englestone 40 minutes ago

20. Show HN: Browser Router – Open links in different browsers based on URL rules (github.com/x011)
1 point by x011 43 minutes ago

21. Lessons learned from my first dive into WebAssembly (nullprogram.com)
2 points by signa11 44 minutes ago

22. FastStream – replace any video player with a faster, accessible player (addons.mozilla.org)
2 points by ReadCarlBarks 47 minutes ago

23. Conduit Makes MongoDB CDC 52% Faster Than Kafka Connect (meroxa.com)
1 point by hariso 47 minutes ago | 1 comment

24. Show HN: An intentionally annoying app to break doomscrolling (speedbumpapp.com)
1 point by nullderef 49 minutes ago

25. Mock-Interview.AI – End-to-end mock technical interviews (mock-interview.ai)
1 point by popescu_traian 52 minutes ago | 1 comment

26. Show HN: Teach Your Parents Smartphone (teach-your-parents-smartphone.com)
4 points by pankajtanwar 1 hour ago | 1 comment

27. Business strategy is like a lizard (frederickvanbrabant.com)
1 point by TheEdonian 1 hour ago

28. Show HN: A free movies and series randomiser (luhakk.com)
2 points by justanotherunit 1 hour ago

29. Show HN: I rebuilt my platform after getting 2 clients (alytica.tech)
1 point by HarisMladenov 1 hour ago

30. Exploring Generative AI (martinfowler.com)
2 points by kiyanwang 1 hour ago
