“Bitcoin Queen” sentenced as UK recovers £5B in crypto
UK investigators seized 61,000 Bitcoin linked to Zhimin Qian’s China-based Ponzi fraud. A London court handed her 11 years and 8 months, while civil recovery fights over billions continue.
Sprout is a Rust-based UEFI bootloader that pursues sub-second startup and data-driven policy. It reduces drift, speeds rollbacks, and clarifies failure modes. Secure-boot enablement is underway; teams should pilot now, prepare key management, and align firmware updates for a smooth transition to verified and measured boot.
A worm-like spam campaign flooded npm with tens of thousands of fake packages, polluting search results and straining CI/CD. Consequently, treat registries as hostile input. Enforce allowlists, verify npm provenance with Sigstore, disable lifecycle scripts by default, and promote dependencies through SLSA-aligned stages to cut risk.
The UK introduced a Cyber Security and Resilience Bill to harden essential services and their suppliers. Consequently, regulators expand scope, speed incident reporting, and push provable resilience across NHS, water, transport, and energy.
Apache OpenOffice 4.1.16 fixes seven vulnerabilities that allowed silent external content loading and possible memory corruption during CSV import. Update immediately, restrict DDE and Calc external data sources, and replace templates that embed remote URLs. Verify the new prompts and monitor document-triggered network fetches.
Google filed a lawsuit in New York to disrupt “Lighthouse,” a phishing-as-a-service network behind large-scale smishing. Consequently, the case seeks injunctions, domain seizures, and damages. For defenders, the move creates detection windows as operators pivot infrastructure, so tighten filters, accelerate takedowns, and harden fraud telemetry now.
DanaBot restarted Windows campaigns after a six-month break. Consequently, teams tighten email defenses, inspect loaders, and hunt for fresh C2 as affiliates pivot tooling.
GootLoader reappeared with custom WOFF2 web-fonts that swap glyph shapes, so a gibberish string in source renders as a harmless-looking filename in the browser. Consequently, victims on SEO-poisoned WordPress sites download ZIP archives carrying JavaScript loaders that trigger rapid, hands-on compromises. Therefore, block risky downloads, hunt for loader execution, and harden WordPress and endpoints to cut dwell time and prevent domain-wide impact within hours.
A malicious npm package named “@acitons/artifact” impersonates @actions/artifact, hijacks GitHub Actions tokens via postinstall scripts, and attempts to publish artifacts as GitHub, showcasing a precise software supply chain attack.
Rhadamanthys suffered a coordinated disruption as “customers” lost access to panels and servers. With certificate-only logins and Tor sites offline, credential theft pipelines broke. Use the lull to rotate passwords, revoke tokens, scrub loaders, and harden identity before operators relaunch under a new brand.