Over 100 Chrome Web Store extensions steal user accounts, data

More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, ...
Microsoft

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North ...
Appuals

Fix: “sms is the last two-factor authentication” in Epic Games

When trying to log in to Epic Games, you may encounter an issue where the SMS verification code never arrives, leaving you ...

CISA flags Apache ActiveMQ flaw as actively exploited in attacks

CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this ...
Decrypt

LayerZero Pins $292M KelpDAO Bridge Hack on North Korea’s Lazarus Group

Attackers forged a cross-chain message, came within minutes of a second drain, and wiped their tracks on the way out.
CoinDesk

Kelp DAO claims LayerZero’s 'default' settings are what actually caused the massive $290 million disaster

The liquid restaking protocol said the compromised verifier was LayerZero's own infrastructure, and the setup it was faulted ...
CoinDesk

LayerZero blames Kelp's setup for $290 million exploit, attributes it to North Korea's Lazarus

LayerZero said the attackers compromised two RPC nodes the company's verifier relied on and DDoS'd the rest, with the attack ...