The OKX DEX exploit stemmed from compromise of the ProxyAdmin owner for an old trusted DEX proxy contract, enabling the attacker to upgrade the proxy and abuse token approvals to transfer funds from users. The incident caused about $2.7 million in losses …
2023 (627 reports)
A Hauri analysis describes a phishing email campaign that used a broadcast-station honorarium lure to deliver a Windows shortcut file. The LNK chain authenticated to Dropbox, pulled encrypted PowerShell and PE payloads from attacker-controlled paths, decr…
Checkmarx describes exploitation of CVE-2023-42793 in Internet-exposed JetBrains TeamCity servers by separate groups tied in the report to North Korea and Russia. The article frames the TeamCity activity as part of a broader software supply-chain trend, c…
Genians reported APT37 activity using malicious HWP, HWPX, LNK, XLSX, and DOCX files, including lures disguised as North Korean market-price analysis documents. The campaign abused OLE objects embedded in Korean document formats to contact attacker-contro…
KrCERT advised users of Hunesion NGS and i-oneNGS, access-control and account-management products, to upgrade after four vulnerabilities that could expose information or enable administrator-account theft. Affected companies and institutions are directed …
0xlino's crypto-rekts repository catalogs cryptocurrency losses and recoveries, ranking incidents from Terra Classic, Africrypt, Silk Road, PlusToken and other large failures through exchange and DeFi exploits. The excerpt is a reference list rather than …
AhnLab analyzes Kimsuky's continued use of AppleSeed in spear-phishing operations against South Korean and other targets in defense, media, diplomacy, government, and academia. Recent intrusions still distribute AppleSeed through JavaScript droppers, mali…
South Korea designated eight North Korean individuals in response to the December 18 long-range ballistic missile launch. The sanctions covered people involved in illicit cyber activity, revenue generation, technology theft, and trade in sanctioned goods …
The Wezard4u analysis covers a Konni lure that impersonated a Korean National Tax Service HWP form about acquisition fund source verification. The ZIP contained an HWP-themed LNK file with embedded, heavily obfuscated PowerShell that searched for the LNK,…
AhnLab describes continued Kimsuky use of AppleSeed, a backdoor that can execute operator commands, download additional malware, log keystrokes, capture screens, and collect files from infected systems. Recent cases changed the installation flow by adding…
Picus summarizes the joint CISA advisory on Play ransomware, a financially motivated group first observed in June 2022 that had compromised nearly 300 organizations worldwide by late 2023. The article describes Play's initial access through exploited publ…
QiAnXin analyzed Konni activity against South Korea that used oversized malicious LNK files with Korean-language lure documents, including an email security check manual for Naver, Daum, and Gmail. The LNK files dropped a decoy document and a VBS script, …
KISIA's Cybersecurity Grand Coalition material says Kimsuky activity in South Korea continued through the first half of 2023 and around September. The source identifies Kimsuky as a North Korean Reconnaissance General Bureau-linked group that targets Sout…
PolySwarm’s 2023 recap tracks several North Korea-nexus clusters active across supply chain, cryptocurrency, and macOS intrusion activity. It ties Labyrinth Chollima/Lazarus to the 3CX supply chain compromise, cryptocurrency platform thefts involving Atom…
KrCERT reported an information-disclosure vulnerability in Yetisoft VestCert, software used for certificate-based login to enterprise and institutional services. Attackers could exploit the flaw to steal or delete public-certificate data from user PCs, so…