Crypto M - Crypto News
Your #1 destination for the latest and most unbiased market news on Bitcoin, Ethereum, NFT, Fintech, Web3, DeFi, and Blockchain.
🚀 Malware Targets Python Package Index, Steals Sensitive Data

According to Cointelegraph, researchers at the Checkmarx cybersecurity firm have identified a dangerous form of malware uploaded to the Python Package Index (PyPI). This platform, used by Python developers to download and share code, has been compromised by malware that steals private keys, mnemonic phrases, and other sensitive user data.

The malware was uploaded by a suspicious user in several software packages designed to mimic decoding applications for popular wallets such as MetaMask, Atomic, TronLink, and Ronin. The malicious software was embedded within parts of these packages, allowing it to go largely undetected due to its seemingly harmless code.

Checkmarx researchers first discovered this attack vector in March 2024, leading to the suspension of new projects and user accounts on the platform until the malicious elements were removed. Despite these efforts, the malware resurfaced in early October and has reportedly been downloaded more than 3,700 times since.

The issue of malware on the Python developer hub is part of a broader trend. In September, McAfee Labs discovered sophisticated malware targeting Android smartphones, capable of stealing private keys by scanning images stored on a phone’s internal memory. This malware used optical character recognition technology to extract text from images and was spread through text message links, prompting users to download fraudulent applications.

Additionally, Hewlett-Packard’s Wolf Security team revealed that cybercriminals are increasingly using artificial intelligence to create malware, significantly lowering the barrier to entry for creating malicious programs. In October, more than 28,000 users fell victim to malware disguised as office productivity software and gaming applications, although the malware only managed to steal a total of $6,000.


#Malware #PythonPackageIndex #PyPI #SensitiveData #Cybersecurity #Checkmarx #MetaMask #TronLink #Ronin #Cybercrime #ArtificialIntelligence #MaliciousSoftware #DataTheft #McAfeeLabs #OpticalCharacterRecognition #HewlettPackard #WolfSecurity
🚀 Meta Fined $15.67 Million For Unauthorized Data Collection In South Korea

According to Odaily, the South Korean Personal Information Protection Commission announced on Tuesday that Meta Platforms has been fined 21.62 billion Korean won (approximately $15.67 million) for collecting sensitive user data without legal grounds and providing it to advertisers. The commission revealed that Meta gathered information on around 980,000 South Korean Facebook users, including details about their religion, political views, and sexual orientation, without obtaining user consent. This data was subsequently utilized by approximately 4,000 advertisers.

The commission stated, "We found that Meta analyzed user behavior data, such as the pages they liked on Facebook and the ads they clicked on, and created and managed advertising themes related to sensitive information." This action by Meta has raised significant concerns regarding user privacy and data protection, highlighting the ongoing global debate over the ethical handling of personal information by tech giants. The fine imposed on Meta underscores the importance of adhering to data protection regulations and obtaining explicit user consent before collecting and using sensitive information.

This development is part of a broader scrutiny of major technology companies and their data practices, as governments worldwide seek to enforce stricter privacy laws to protect citizens' personal information. The South Korean commission's decision reflects a growing trend of regulatory bodies taking decisive action against companies that fail to comply with data protection standards. As the digital landscape continues to evolve, the balance between innovation and privacy remains a critical issue for both regulators and technology firms.


#Meta #DataPrivacy #SouthKorea #DataProtection #UserConsent #TechGiants #Advertising #SensitiveData #Regulation #PrivacyLaws
🚀 Schneider Electric Faces Ransomware Attack Demanding Unique Payment

According to PANews, French multinational corporation Schneider Electric has been targeted by a ransomware attack orchestrated by the hacker group 'Hellcat.' The attackers are demanding a ransom of $125,000, payable in either baguettes or the cryptocurrency Monero, threatening to release 40GB of sensitive data stolen from the company if their demands are not met. The group made their ransom demand public through an anonymous social media account, claiming to have obtained critical information related to Schneider Electric's clients and operations.

This incident marks the third cyberattack on Schneider Electric in the past two years. The company has confirmed that it is actively investigating the situation, stating that the affected platform is isolated and that their products and services remain unaffected. Analysts suggest that the unusual demand for baguettes as part of the ransom is a strategic move by the hackers to gain notoriety in the ransomware market. Schneider Electric is working to address the breach and ensure the security of its data and operations.


#SchneiderElectric #Ransomware #CyberAttack #Hellcat #DataBreach #Monero #CyberSecurity #SensitiveData #Hacking #InformationSecurity
🚀 Sensitive Data of Crypto Event Participants Illegally Sold

According to PANews, sensitive information of participants from cryptocurrency industry events has been illegally sold under the guise of 'marketing, promotion, and client acquisition.' This data, which includes full names, phone numbers, nationalities, job titles, company affiliations, and personal and business social media links, was collected during event registrations. Cointelegraph obtained a 'sample' list from a seller via Telegram, featuring four lists from different events, each containing 60 to 100 participants with various data points. These events primarily occurred in the fall of 2024, with participants from places such as Southeast Asia and India, indicating an organized trade of international blockchain event participant data.

The lists are just a fraction of the data available. The seller also shared sample images linked to Blockchain Fest and Devcon. Notably, one list allegedly contains information on 1,700 attendees of the November 2024 AIBC conference in Malta. The seller intends to offer this list to a limited number of buyers, reducing the price from nearly $4,000 to $650. The seller claims to use the proceeds to purchase more lists and shared screenshots of the database. Both the seller and data compiler remain anonymous but appear to be Russian, as one sample dataset is labeled in Russian, and AI analysis suggests the seller is a native Russian speaker. This information could facilitate social engineering scams, posing a threat to the security of participants' cryptocurrency wallets.


#SensitiveData #CryptoEvents #DataBreach #PrivacyViolation #Blockchain #CyberSecurity #EventRegistration #SocialEngineering #Malta #AIBCConference
🚀 Brazil Halts Biometric Data Collection For Crypto Compensation

According to Cointelegraph, Brazil's National Data Protection Authority (ANPD) has mandated that Tools for Humanity (TFH), the company behind the World ID project's biometric technology, cease offering cryptocurrency or financial incentives for collecting biometric data from Brazilian citizens. This directive, effective from January 25, follows an investigation initiated in November after the World ID project's launch in Brazil.

The ANPD's enforcement division concluded that providing cryptocurrency as compensation could undermine the validity of user consent when collecting sensitive biometric data. World Network, co-founded in 2019 by OpenAI CEO Sam Altman, utilizes iris biometrics developed by Tools for Humanity, based in San Francisco and Berlin, to create a universal digital identity and financial network through iris scanning technology.

Brazilian law stipulates that consent for processing sensitive personal data must be freely given, informed, unequivocal, and specifically for designated purposes. The ANPD expressed concerns that financial incentives might unduly influence individuals' decision-making, particularly those in vulnerable situations. Additionally, the authority highlighted the sensitive nature of biometric data, the irreversible nature of its collection, and the inability to delete such data once collected.

In a related development, Germany's data protection authority, BayLDA, issued corrective measures in December for the digital identity project, requiring World Network to comply with the EU's General Data Protection Regulations regarding biometric data handling.

The native token of the World Network, WLF, has experienced a decline of over 8% in the past 24 hours, falling below $2. Since its launch in July 2023, the token has decreased by 83% from its all-time high of $11.74 in March, as reported by CoinGecko.


#Brazil #BiometricData #Cryptocurrency #DataProtection #WorldID #ANPD #Consent #DigitalIdentity #SensitiveData #WLF #TechNews
🚀 New Mobile Spyware SparkKitty Targets Sensitive Data on App Stores

According to Foresight News, cybersecurity researchers at Kaspersky have identified a new mobile spyware named SparkKitty infiltrating the App Store and Google Play. This spyware targets mnemonic phrases and wallet credential photos. SparkKitty is the successor to SparkCat, which was first discovered in early 2025. SparkCat utilized modified frameworks and libraries to steal sensitive data from iOS and Android devices, accessing user galleries through fake support chat modules to capture sensitive screenshots. Although SparkKitty has been removed from app stores, its malicious activities may persist through sideloaded variants and clone stores, posing a global threat.

#MobileSpyware #SparkKitty #Cybersecurity #Kaspersky #AppStore #GooglePlay #SensitiveData #iOS #Android #ThreatDetection
🚀 Tencent Cloud Servers Expose Sensitive Data Due to Configuration Errors

According to PANews, Tencent Cloud servers experienced severe configuration errors, leading to the exposure of sensitive internal credentials and source code to the public internet. The issue was identified by researchers during routine scans in late July 2025. These errors allowed critical configuration files to be directly accessed externally, posing significant potential risks.

#TencentCloud #CloudSecurity #ConfigurationError #DataExposure #SensitiveData #CredentialsExposure #SourceCode #PANews #PublicInternet #DataLeak
🚀 Cyberattack Targets Mexican Government Using AI Chatbot

A hacker has exploited Anthropic's AI chatbot to launch attacks on Mexican government agencies, leading to the theft of significant amounts of sensitive tax and voter data, cybersecurity researchers report. Bloomberg posted on X, highlighting the severity of the breach and its implications for data security within government systems. The incident underscores the growing threat of AI-driven cyberattacks and the need for enhanced protective measures to safeguard sensitive information. Authorities are investigating the breach to assess the full extent of the data compromised and to prevent future incidents.

#Cyberattack #AIChatbot #MexicanGovernment #Anthropic #DataBreach #Cybersecurity #SensitiveData #VoterData #TaxData #AIThreat #CyberProtection #GovernmentSecurity
🚀 Security Breach: South Korean Tax Agency's Error Leads to $4.8 Million Token Theft

A South Korean tax agency inadvertently revealed a mnemonic phrase in a press release, resulting in the theft of 4 million PRTG tokens, valued at approximately $4.8 million. According to NS3.AI, the incident was confirmed by a university professor and took place within 10 hours of the leak. This breach underscores the significant risks associated with the public handling of sensitive cryptocurrency credentials.

#SecurityBreach #SouthKorea #TaxAgency #PRTGtokens #Cryptocurrency #TokenTheft #MnemonicPhrase #SensitiveData #NS3AI
🚀 Data Breach at Navia Benefit Solutions Exposes Personal Information of Over 2.6 Million Americans

Navia Benefit Solutions has reported a security breach that compromised the personal data of 2,697,540 individuals in the United States. According to NS3.AI, the breach occurred between December 22nd and January 15th, during which an unauthorized party accessed sensitive information. The exposed data includes names, dates of birth, Social Security numbers, and contact details. The company is currently addressing the situation and taking steps to enhance its security measures to prevent future incidents.

#DataBreach #NaviaBenefitSolutions #PersonalInformation #SecurityBreach #SensitiveData #SocialSecurityNumbers #USDataBreach #Cybersecurity #DataProtection #SecurityMeasures