KuinaExtractor, a reported Rust-based infostealer also linked to the name k0to, highlights a familiar but dangerous pattern: steal the browser state, and you may steal the session.
A mobile banker labeled Rokarolla shows how phishing pages, look-alike prompts, and overlay-style credential theft can turn a single tap into a financial compromise.
Malicious lookalike packages in the npm ecosystem can turn routine dependency installs into a supply-chain execution event for Web3 teams and crypto wallet operators.
A malware build described as Lucid Stealer blends browser credential theft, wallet targeting, and Discord token harvesting with a legitimate Node.js packaging format that can make the payload harder to recognize at a glance.
A reported macOS stealer called Reaper pairs fake app download pages with a ClickFix-style script launch, putting browser data and crypto wallets in the crosshairs.
A macOS-focused intrusion campaign attributed to Sapphire Sleet puts the spotlight on a familiar cybercrime prize: secrets that can be reused far beyond one laptop.
A newly reported macOS campaign tied to Sapphire Sleet puts financial and crypto organizations in the crosshairs, with secrets rather than splashy malware as the prize.
An alleged abuse case tied to WordPress, API keys, and cryptocurrency wallets shows how modern fraud can scale when identity abuse meets automation.
Developer job lures are being used to deliver InvisibleFerret, a malware family tied to browser credential theft, crypto wallet targeting, and risky access to CI/CD environments.
A typosquatting wave in the npm ecosystem is a reminder that one routine install can become a high-value secret hunt.
A fresh TrickMo variant is being tied to banking, fintech, and crypto-wallet users in parts of Europe, raising the stakes for mobile fraud even where the exact technical path is still not fully clear.
A critical bug in a popular Android SDK put millions of crypto users at risk, exposing the dark side of app dependencies.
A critical vulnerability in a popular Android SDK put millions of cryptocurrency wallet users at risk-here’s what went wrong and how it was fixed.
A single software bug in a popular push notification SDK exposed personal data from over 50 million Android app installs-including 30 million cryptocurrency wallets-before it was patched.
A new malware campaign is ransacking hundreds of crypto wallets and password managers, evolving faster than defenders can keep up.
A new wave of paper-based phishing exploits data breaches and psychological blind spots to drain digital fortunes.