Hackers exploit Roundcube flaw to spy on academic researchers
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. [...]
CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. [...]
Also: Detainment in GainBitcoin Case, Solv Protocol and Gondi HacksThis week, an arrest in a $46M U.S. Marshals theft, a detainment in the GainBitcoin case, exploits at Solv Protocol and Gondi, an Alibaba AI agent's mining attempt, the SEC dropping claims against Justin Sun, Treasury weighing in on mixers, Bithumb facing suspension and a lawsuit against Coinbase.
CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]
The U.S. Treasury Department has sanctioned a Russian exploit broker who bought stolen hacking tools from a former executive of a U.S. defense contractor. [...]
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars
The former head of Trenchant, a specialized U.S. defense contractor unit, was sentenced Tuesday to more than seven years in federal prison for stealing and selling zero-day exploits to a Russian exploit broker whose clients include the Russian government. [...]
Peter Williams, a former general manager at U.S. defense contractor L3Harris Trenchant, has pleaded guilty in U.S. District Court to stealing and selling confidential cybersecurity information to a Russian vulnerability exploit broker. [...]
The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.
Also: Samourai Wallet Co-Founders' Guilty Plea, Coinbase Loss From Data TheftThis week, Tornado Cash co-founder convicted, Samourai Wallet guilty plea, Coinbase insider data theft, a U.S. court overturned an OpenSea executive's fraud conviction, AI-written malware stole crypto, Credix exploit, CZ sought dismissal of FTX claim, July hacks and a FinCEN crypto ATM warning.
Also: CoinDCX's $44 Million Exploit, Crypto Theft Hit $2.17B in First Half of 2025This week, Russia crypto laundering in Krygyzstan, CoinDCX lost $44M in a hack, the U.S. sought $7.1M in crypto linked to oil tank investment scam, Ex-NCA officer was jailed for stealing seized bitcoin, crypto thefts hit $2.17B in the first half of 2025 and Trump Media revealed $2B bitcoin holdings.
Also: Mango Markets Hacker's Convictions Overturned, Coinbase LawsuitThis week, $223M Cetus Protocol hack, U.S. judge overturned Mango Markets hacker convictions, class action lawsuit against Coinbase, Cork Protocol's $12M exploit, fake software sites spread crypto-stealing malware, a violent crypto-linked kidnapping and civil proceedings against the ex-ACX exec.
Also: A $40M Block Penalty, US SEC Guidance on Crypto LawsThis week, a KiloEx exploit, Block fined $40M, U.S. Securities and Exchange Commission guidance on crypto laws, Senate Democrats slammed NCET disbandment, $4.3M scam disrupted, guilty plea in $3.3M tax evasion and a South Korea ban on crypto apps.
The U.S. Justice Department has charged a Canadian man with stealing roughly $65 million after exploiting two decentralized finance (DeFI) protocols. [...]
A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season
MITRE has released its annual list of the Top 25 "most dangerous software weaknesses" for the year 2023
The U.S. Federal Bureau of Investigation (FBI) is warning investors that cyber criminals increasingly exploiting security vulnerabilities in Decentralized Finance (DeFi) platforms to steal cryptocurrency. [...]
Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency (CIA), has been found guilty of leaking a trove of classified hacking tools and exploits dubbed Vault 7 to WikiLeaks
Plus: HP fixes critical Teradici flaws, Karakurt may be a Conti side hustle, and info-stealing malware set free In Brief Microsoft will pay more — up to $26,000 more — for "high-impact" bugs in its Office 365 products via its bug bounty program.…