Coinbase data breach exposes customer info and government IDs
Coinbase, a cryptocurrency exchange with over 100 million customers, has disclosed that cybercriminals working with rogue support agents stole customer data and demanded a $20 million ransom not to publish the stolen information.
Malicious npm package using steganography downloaded by hundreds
A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location.
Beyond the kill chain: What cybercriminals do with their money (Part 3)
In the third of our five-part series, Sophos X-Ops explores the more legally and ethically dubious business interests of financially motivated threat actors
Beyond the kill chain: What cybercriminals do with their money (Part 5)
In the last of our five-part series, Sophos X-Ops explores the implications and opportunities arising from threat actors’ involvement in real-world industries and crimes
Coinbase offers $20 million bounty after extortion attempt with stolen data
Cryptocurrency trading platform Coinbase said an attacker tried to extort the company for $20 million over stolen data. "We said no," Coinbase said, and instead offered that amount as a bounty.
Who needs VC funding? How cybercriminals spread their ill-gotten gains to everyday business ventures | CyberScoop
The benefits of cybercrime aren't all flashy cars and watches. Sophos X-Ops researchers discovered it also fuels a far-reaching mix of ordinary, sometimes unremarkable businesses.
On April 14, Dubai’s ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to “regularly suggest updates” to the law and “accelerate the issuance of legislation by up to 70%.” AI would create a “comprehensive legislative plan” spanning local and federal law and would be connected to public administration, the courts, and global policy trends. The plan was widely greeted with astonishment. This sort of AI legislating would be a global “...
Steam n’a pas été piraté : les SMS qui ont fuité sont vieux
Valve dément ce 15 mai 2025 avoir été victime d'un piratage. Après examen, il ne s'agit pas d'une infiltration dans ses systèmes. Les SMS qui avaient fuité sont d'anciens SMS envoyés aux utilisateurs de Steam. Dans un communiqué publié ce 15 mai 2025, Steam l'assure : le service n'a pas été piraté. Selon son éditeur
Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers | CyberScoop
Russian hackers aren’t just targeting Ukraine — they also appear to be going after their defense contractors in other countries, new ESET research surmises.
Google fixes high severity Chrome flaw with public exploit
Google has released emergency security updates to patch a high-severity Chrome vulnerability that has a public exploit and can let attackers hijack accounts.
CFPB to withdraw rule targeting data brokers | CyberScoop
The Trump administration’s CFPB nominee spoke positively in February about the Biden-era rule to regulate the sale of Americans’ personal data, but he is now slotted instead for a Treasury Department role.