-
Malicious Rust packages on Crates.io steal crypto wallet keys
Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to steal cryptocurrency private keys and other secrets.
- September 25, 2025
- 11:43 AM
0
-
Ripple's recommended XRP library xrpl.js hacked to steal wallets
The recommended Ripple cryptocurrency NPM JavaScript library named "xrpl.js" was compromised to steal XRP wallet seeds and private keys and transfer them to an attacker-controlled server, allowing threat actors to steal all the funds stored in the wallets.
- April 22, 2025
- 12:45 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Solana Web3.js library backdoored to steal secret, private keys
The legitimate Solana JavaScript SDK was temporarily compromised yesterday in a supply chain attack, with the library backdoored with malicious code to steal cryptocurrency private keys and drain wallets.
- December 04, 2024
- 12:31 PM
- 0
-
New Eucleak attack lets threat actors clone YubiKey FIDO keys
A new "EUCLEAK" flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico's YubiKey 5 Series, allows attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys and clone the FIDO device.
- September 04, 2024
- 01:48 PM
- 0
-
PuTTY SSH client flaw allows recovery of cryptographic private keys
A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation.
- April 16, 2024
- 11:01 AM
- 0
-
Decryptor for Babuk ransomware variant released after hacker arrested
Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator.
- January 09, 2024
- 11:46 AM
- 0
-
How the FBI seized BlackCat (ALPHV) ransomware’s servers
An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs.
- December 19, 2023
- 12:27 PM
- 0
-
LastPass breach linked to theft of $4.4 million in crypto
Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents.
- October 30, 2023
- 06:46 PM
- 0
-
New BitForge cryptocurrency wallet flaws lets hackers steal crypto
Multiple zero-day vulnerabilities named 'BitForge' in the implementation of widely used cryptographic protocols like GG-18, GG-20, and Lindell 17 affected popular cryptocurrency wallet providers, including Coinbase, ZenGo, Binance, and many more.
- August 09, 2023
- 05:15 PM
- 1
-
Intel investigating leak of Intel Boot Guard private keys after MSI breach
Intel is investigating the leak of alleged private keys used by the Intel BootGuard security feature, potentially impacting its ability to block the installation of malicious UEFI firmware on MSI devices.
- May 08, 2023
- 01:31 PM
- 5
-
GitHub.com rotates its exposed private SSH key
GitHub has rotated its private SSH key for GitHub.com after the secret was was accidentally published in a public GitHub repository. The software development and version control service says, the private RSA key was only "briefly" exposed, but that it took action out of "an abundance of caution."
- March 24, 2023
- 04:33 AM
- 0
-
Cisco fixes bug allowing RSA private key theft on ASA, FTD devices
Cisco has addressed a high severity vulnerability affecting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software.
- August 10, 2022
- 01:37 PM
- 0
-
EU investigating leak of private key used to forge Covid passes
The private key used to sign EU Digital Covid certificates has been reportedly leaked and is being circulated on messaging apps and forums. The key has also been misused to generate forged certificates, such as those for Adolf Hitler, Mickey Mouse, Sponge Bob—all of which are being recognized as valid by the official government apps.
- October 28, 2021
- 05:53 AM
- 2
-
REvil ransomware shuts down again after Tor sites were hijacked
The REvil ransomware operation has likely shut down once again after an unknown person hijacked their Tor payment portal and data leak blog.
- October 17, 2021
- 07:19 PM
- 2
-
Tor Project auctions off the first Onion URL ever created as an NFT
The Tor Project is auctioning off the first Tor Onion domain ever created, duskgytldkxiuqc6.onion, as an NFT.
- May 12, 2021
- 04:17 PM
- 0
-
Over 435K Security Certs Can Be Compromised With Less Than $3,000
After analyzing millions of RSA keys and certificates generated on low entropy lightweight IoT devices, security researchers at Keyfactor discovered that more than a quarter-million of them shared their prime factors making it easy to derive their private key and compromise them.
- December 16, 2019
- 11:45 AM
- 1
-
New PortSmash Hyper-Threading CPU Vuln Can Steal Decryption Keys
A new side-channel vulnerability has been discovered called PortSmash that uses a timing attack that to steal information from other processes running on the same SMT/hyper-threading enabled CPU core. Utilizing this attack, researchers were able to steal the private decryption key from an OpenSSL thread running in the same core.
- November 03, 2018
- 02:24 PM
- 1
0
