LottieFiles has recently confirmed that its Lottie-Player software has been compromised in a supply chain attack aimed at stealing cryptocurrency from victims. LottieFiles’ Lottie-Player is widely used for embedding and playing Lottie animations on websites. Recently, users of Lottie-Player complained that their websites had been displaying a pop-up prompting visitors to connect their cryptocurrency wallet.  The goal was apparently to get users to connect their crypto wallets in an attempt to drain them.

The Dstat.cc DDoS review platform has recently been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years.  According to authorities, the seizure and arrests were conducted as part of "Operation PowerOFF," an ongoing international law enforcement operation that targets DDoS-for-hire platforms, aka "booters" or "stressors," to seize infrastructure and arrest the operators.

The Canadian Centre for Cyber Security recently announced that at least 20 Canadian government networks have been compromised by Chinese state-sponsored threat actors, who have maintained access over the past four years to steal valuable data.  It was noted that in addition to espionage, the data gathered is likely used to support the People’s Republic of China’s (PRC) malign influence and interference activities against Canada’s democratic processes and institutions.  It is believed the attackers dedicated significant time and resources to learn about the target networks.

New research shows that the "FakeCall" Android banking trojan, also known as "Fakecalls," has grown more sophisticated in evasion and espionage. The attack chain begins with traditional phishing to trick the target into downloading an APK file that serves as a dropper for the FakeCall malware. This article continues to discuss the advanced evasion tactics and expanded surveillance capabilities now employed by the FakeCall Android banking trojan.

Cisco Talos researchers have observed threat actors using copyright infringement claims to trick targets and deploy infostealers. According to the researchers, the ongoing attack in Taiwan is being spread through phishing emails containing malware attachments. The emails pose as legal notices from copyright holders or legal representatives of companies making copyright claims. This article continues to discuss malware operators tricking targets using the threat of a copyright infringement claim.

Colorado state election officials recently announced that voting system passwords were mistakenly put on the Colorado Secretary of State's website for several months before being spotted and taken down.  The state election officials said the lapse did not pose an immediate threat to the upcoming election.  It was noted that the passwords were only one of two needed to access any component of Colorado's voting systems and are just one part of a layered security system.  The two passwords are "kept in separate places and held by different parties." 

Microsoft warns that Chinese threat actors are using the "Quad7" botnet, built with hacked Small Office/Home Office (SOHO) routers, to steal credentials in password-spray attacks. A security researcher named "Gi7w0rm" first discovered the Quad7 botnet. According to later reports by researchers at Sekoia and Team Cymru, the threat actors behind the botnet are targeting devices from TP-Link, ASUS, and more. When the devices are compromised, the threat actors launch custom malware that enables remote access to the devices over Telnet.

Sophos has detailed a years-long battle with Chinese government-backed hacking teams and admitted to using its own custom implants to track the hackers' tools, movements, and tactics. The company said it has fought multiple zero-day attacks on its enterprise products since 2018, with each attack growing more sophisticated and aggressive. This article continues to discuss Sophos' years-long "cat-and-mouse" game with sophisticated Chinese government-backed hackers.

Since at least September 2024, users in the US, UK, Spain, Australia, and Japan have been targeted by a new phishing kit named "Xiu Gou," which was designed to deploy phishing attacks globally. The kit, discovered by the cybersecurity firm Netcraft, features a "doggo" mascot and has over 2,000 phishing websites targeting individuals in the public sector, postal services, digital services, and banking. This article continues to discuss findings regarding the Xiu Gou phishing kit.