Security News

As Mandiant found during a follow-up investigation into the incident, the attacker used a wallet drainer dubbed CLINKSINK. This same drainer has been used since December to steal funds and tokens from users of Solana cryptocurrency as part of a large-scale campaign involving at least 35 affiliate IDs linked to a shared drainer-as-a-service. Since the start of the year, a massive wave of account breaches has impacted X users, with verified organizations getting hacked to spread cryptocurrency scams and links to wallet drainers.

Someone has hijacked the X account of the US Securities and Exchange Commission, and posted an announcement saying the agency has decided to allow the listing of Bitcoin ETFs on registered national security exchanges. SEC X account hijacked, "Unauthorized tweet" posted.

The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. "Today the SEC grants approval to Bitcoin ETFs for listing on registered national security exchanges," read the fake X post.

The official Netgear and Hyundai MEA Twitter/X accounts are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. Hackers are increasingly targeting and compromising verified government and business X accounts with 'gold' and 'grey' checkmarks to add legitimacy to their malicious tweets pushing cryptocurrency scams, phishing sites, and sites dropping crypto drainers.

The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer. CertiK's gold-verified X account was compromised in a social engineering attack by a threat actor using another hacked account described by the company as "Associated with a well-known media."

Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack...

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. "We are aware of the incident impacting the Mandiant X account and are working to resolve the issue," a Mandiant spokesperson told BleepingComputer.

The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam. "We are aware of the incident impacting the Mandiant X account and are working to resolve the issue," a Mandiant spokesperson told BleepingComputer.

The FBI revealed this week that they hacked the BlackCat/ALPHV ransomware operation, which raked in $300 million from over 1,000 victims. Retrieving 400 decryption keys and likely more data from the hacked servers has significantly tarnished the ransomware operation's reputation.

The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service, wiping the agency's database and backup copies. Following this operation, carried out by cyber units within Ukraine's Defense Intelligence, military intelligence officers breached Russia's federal taxation service central servers and 2,300 regional servers across Russia and occupied Ukrainian territories.