Search Results: CryptoSecurity

Massive npm Supply Chain Attack Hijacks 2.6 Billion Weekly Downloads via Phishing Compromise

Attackers compromised a key npm maintainer's account through sophisticated phishing, injecting malicious code into 19 popular packages with over 2.6 billion weekly downloads. The malware hijacks cryptocurrency transactions by rewriting wallet addresses in real time. This represents one of the largest software supply chain attacks in history, impacting developers globally.

Global 'ClickTok' Campaign Infects TikTok Shop Users with Spyware to Steal Cryptocurrency

Security firm CTM360 has uncovered a sophisticated malware operation targeting TikTok's e-commerce ecosystem. Dubbed 'ClickTok,' the hybrid attack combines fake shops and trojanized apps to deploy SparkKitty spyware, harvesting cryptocurrency credentials through screenshot theft. The campaign has already spawned over 10,000 impersonated domains and 5,000 malicious app instances.

OpenSSL 3.0 Vulnerability Exposes Critical Memory Corruption Risk

A newly disclosed vulnerability in OpenSSL 3.0, tracked as CVE-2022-3786, allows malicious email addresses to trigger a heap buffer overflow during X.509 certificate verification. While exploitation requires specific conditions, successful attacks could lead to remote code execution or crashes. This flaw underscores persistent risks in foundational cryptographic libraries.