{"id":87003,"date":"2025-09-13T07:00:00","date_gmt":"2025-09-13T04:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=87003"},"modified":"2025-09-13T09:07:18","modified_gmt":"2025-09-13T06:07:18","slug":"a-new-crypto-stealing-infostealer-a-10m-fbi-bounty-for-a-ukrainian-hacker-and-other-cybersecurity-news","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/a-new-crypto-stealing-infostealer-a-10m-fbi-bounty-for-a-ukrainian-hacker-and-other-cybersecurity-news\/","title":{"rendered":"A new crypto-stealing infostealer, a $10m FBI bounty for a Ukrainian hacker, and other cybersecurity news"},"content":{"rendered":"<p>We round up the week\u2019s most important cybersecurity news.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>Researchers found a new crypto-stealing infostealer.<\/li>\n<li>A large-scale attack on Vietnam.<\/li>\n<li>The FBI offers $10m for information on a leading Ukrainian hacker.<\/li>\n<li>The iPhone has become one of the most secure devices.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\">Researchers discover a new crypto-stealing infostealer<\/h2>\n<p>On 11 September, security specialists at business-focused firm Mosyle uncovered new malware capable of evading antivirus tools and stealing data from browser crypto wallets on Windows, Linux and macOS, <a href=\"https:\/\/decrypt.co\/339153\/researchers-undetectable-malware-drain-crypto-browser-wallets\">Decrypt<\/a> reports.<\/p>\n<p>The ModStealer malware was distributed via fake job ads for developers. 
Mosyle said scammers targeted IT professionals because they likely already had the environment needed for the stealer to run.<\/p>\n<p>SlowMist\u2019s chief information security officer, Shan Zhang, highlighted ModStealer\u2019s features and the serious threat to the wider digital-asset ecosystem:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cUnlike traditional stealers, ModStealer stands out for its cross-platform support and a stealthy execution chain in \u2018zero-detection\u2019 mode.\u201d<\/em><\/p>\n<\/blockquote>\n<p>Once executed, the malware scans browser wallet extensions, system credentials and digital certificates, then exfiltrates the data to attackers\u2019 remote servers. On macOS, it autostarts at every boot, masquerading as a background helper. Signs of infection include a hidden file named .sysupdater.dat and connections to a suspicious server.<\/p>\n<p>The primary aim of ModStealer is data theft\u2014specifically from crypto wallets, credential files and configurations.<\/p>\n<h2 class=\"wp-block-heading\">A large-scale attack on Vietnam<\/h2>\n<p>According to <a href=\"https:\/\/www.reuters.com\/sustainability\/boards-policy-regulation\/vietnam-investigates-cyberattack-creditors-data-2025-09-12\/\">Reuters<\/a>, Vietnam\u2019s borrower database was hit by a cyberattack, allegedly by the international group Shiny Hunters.<\/p>\n<p>The incident affected the National Credit Information Center of Vietnam, which stores sensitive data including personal information, credit payments, risk analyses and credit-card details.<\/p>\n<p>A preliminary investigation found signs of unauthorised access, with the scale of the leak still being assessed. 
Authorities did not disclose how many accounts were affected.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"291\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/img-10578d48ffc29843-4082632657633955-1024x291.png\" alt=\"image\" class=\"wp-image-265737\" srcset=\"https:\/\/forklog.com\/wp-content\/uploads\/img-10578d48ffc29843-4082632657633955-1024x291.png 1024w, https:\/\/forklog.com\/wp-content\/uploads\/img-10578d48ffc29843-4082632657633955-300x85.png 300w, https:\/\/forklog.com\/wp-content\/uploads\/img-10578d48ffc29843-4082632657633955-768x218.png 768w, https:\/\/forklog.com\/wp-content\/uploads\/img-10578d48ffc29843-4082632657633955-1536x437.png 1536w, https:\/\/forklog.com\/wp-content\/uploads\/img-10578d48ffc29843-4082632657633955.png 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Shiny Hunters\u2019 listing for stolen data. Source: <a href=\"https:\/\/t.me\/true_secator\/7411\">SecAtor<\/a>.<\/figcaption><\/figure>\n<p>A dark-web listing by Shiny Hunters offers stolen data on more than 160 million people for $175,000.<\/p>\n<h2 class=\"wp-block-heading\">The FBI offers $10m for information on a leading Ukrainian hacker<\/h2>\n<p>During a special operation involving Ukrainian police, a ransomware group suspected of attacking the networks of global companies was <a href=\"https:\/\/cyberpolice.gov.ua\/news\/-mln-dol-za-informacziyu-pro-misczeznaxodzhennya-organizatora-kiberatak-na-svitovi-pidpryyemstva---naczpolicziya-613\/\">neutralised<\/a>.<\/p>\n<p>Since 2018, the attackers targeted infrastructure at leading organisations in France, Norway, Germany, the Netherlands, Canada and the United States, encrypting more than 1,000 servers and causing losses of 3 billion hryvnias, according to the Cyber Police.<\/p>\n<p>The suspects were detained; some have already appeared in court, and their assets have been frozen. 
One of the group\u2019s leaders was notified of suspicion in absentia and placed on an international wanted list.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"429\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/img-3d5d3c2f95f24e07-4082633020730826-1024x429.png\" alt=\"image\" class=\"wp-image-265738\" srcset=\"https:\/\/forklog.com\/wp-content\/uploads\/img-3d5d3c2f95f24e07-4082633020730826-1024x429.png 1024w, https:\/\/forklog.com\/wp-content\/uploads\/img-3d5d3c2f95f24e07-4082633020730826-300x126.png 300w, https:\/\/forklog.com\/wp-content\/uploads\/img-3d5d3c2f95f24e07-4082633020730826-768x322.png 768w, https:\/\/forklog.com\/wp-content\/uploads\/img-3d5d3c2f95f24e07-4082633020730826.png 1509w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Source: Ukraine\u2019s Cyber Police.<\/figcaption><\/figure>\n<p>The FBI announced a reward of up to $10m for information on the whereabouts of a key member of the network. The suspect, Ukrainian citizen Volodymyr Tymoshchuk, has been placed on the EU\u2019s most-wanted list.<\/p>\n<h2 class=\"wp-block-heading\">The iPhone becomes one of the most secure devices<\/h2>\n<p>On 9 September Apple <a href=\"https:\/\/forklog.com\/en\/news\/on-the-cusp-of-a-breakthrough-a-minor-iphone-refresh-and-an-ai-translator-in-airpods\">held<\/a> its annual product presentation. Among various unveilings, the company introduced a new security technology for the latest iPhone 17 and iPhone Air devices.<\/p>\n<p>The Memory Integrity Enforcement feature is designed to prevent memory-corruption bugs. 
These are among the most common vulnerabilities used by spyware developers and by makers of forensic phone-analysis tools used by law enforcement.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cKnown spyware chains used against iOS have something in common with those targeting Windows and Android: they exploit memory safety vulnerabilities that are interchangeable, powerful, and exist across the industry,\u201d<\/em> the Apple <a href=\"https:\/\/security.apple.com\/blog\/memory-integrity-enforcement\/\">blog<\/a> says.<\/p>\n<\/blockquote>\n<p>According to <a href=\"https:\/\/techcrunch.com\/2025\/09\/11\/apples-latest-iphone-security-feature-just-made-life-more-difficult-for-spyware-makers\/\">TechCrunch<\/a>, the new security technology could make the latest iPhones among the most secure devices on the planet. Experts told the outlet it will likely make life harder for makers of malware and zero-day exploits.<\/p>\n<h2 class=\"wp-block-heading\">Researchers find a loophole in Cursor AI<\/h2>\n<p>A vulnerability in the Cursor AI code editor exposes developers to the risk of automatically executing tasks from a malicious repository immediately after opening it. 
That is the conclusion of researchers at Oasis Security, reports <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cursor-ai-editor-lets-repos-autorun-malicious-code-on-devices\/\">Bleeping Computer<\/a>.<\/p>\n<p>Cursor AI is an AI-assisted development environment built on Visual Studio Code (VS Code) and deeply integrated with popular chatbots such as ChatGPT and Claude.<\/p>\n<p>According to the outlet, it is one of the fastest-growing AI tools for programming, with around a million users generating more than a billion lines of code daily.<\/p>\n<p>The discovered flaw allows malware to be injected, workspaces to be hijacked, and credentials and <span data-descr=\"application programming interface\" class=\"old_tooltip\">API<\/span> tokens to be stolen without the need to run commands.<\/p>\n<p>Oasis Security linked the problem to disabling the Workspace Trust feature in VS Code, which blocks automatic task execution without the developer\u2019s explicit consent. In its default configuration, Cursor AI runs tasks immediately after a project folder is opened. An attacker can exploit this by adding a malicious file to an accessible repository.<\/p>\n<p>After receiving a warning, the Cursor AI developers said they do not intend to change the auto-run approach. 
In their view, Workspace Trust disables AI and other features important to users.<\/p>\n<p>Oasis Security advised:<\/p>\n<ul class=\"wp-block-list\">\n<li>use a different editor to open unknown projects;<\/li>\n<li>inspect repositories before opening them;<\/li>\n<li>avoid exporting sensitive credentials globally in shell profiles.<\/li>\n<\/ul>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>THORChain\u2019s founder <a href=\"https:\/\/forklog.com\/en\/news\/thorchain-founder-loses-1-3-million-in-cryptocurrency-theft\">lost<\/a> $1.3m in cryptocurrency.<\/li>\n<li>An AI service for cyberattacks <a href=\"https:\/\/forklog.com\/en\/news\/ai-service-for-cyberattacks-emerges-on-the-dark-web\">has emerged<\/a> on the dark web.<\/li>\n<li>In the United States, a crypto ATM operator <a href=\"https:\/\/forklog.com\/en\/news\/us-crypto-atm-operator-accused-of-facilitating-fraud\">was charged<\/a> with facilitating fraud.<\/li>\n<li>Attackers <a href=\"https:\/\/forklog.com\/en\/news\/hackers-breach-swissborg-crypto-platform-steal-40-million\">hacked<\/a> the SwissBorg crypto platform and stole $40m.<\/li>\n<li>Hackers <a href=\"https:\/\/forklog.com\/en\/news\/hackers-target-javascript-ecosystem-to-hijack-crypto-wallets\">attacked<\/a> the JavaScript ecosystem to hijack crypto wallets.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\">What to read this weekend?<\/h2>\n<p>Decentralisation is a defining characteristic of the blockchain industry, with direct implications for security. 
Web3 researcher Volodymyr Menaskop explains its state across the two leading ecosystems.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A roundup of the week\u2019s most important cybersecurity news.<\/p>\n","protected":false},"author":1,"featured_media":87004,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"This week\u2019s top cybersecurity news: new malware, an FBI bounty, and tougher iPhone defenses.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-87003","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"312","promo_type":"1","layout_type":"1","short_excerpt":"This week\u2019s top cybersecurity news: new malware, an FBI bounty, and tougher iPhone 
defenses.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/87003","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=87003"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/87003\/revisions"}],"predecessor-version":[{"id":87005,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/87003\/revisions\/87005"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/87004"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=87003"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=87003"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=87003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}