A new attack uses CVE-2021-41773 in Apache HTTP Server to install a cryptocurrency miner via compromised websites.

The attack chains begin when one of these adversary-controlled accounts messages a victim through X, Telegram, or Discord, urging them to test out their software in exchange for a cryptocurrency payment.
Should the target agree to the test, they are redirected to a fictitious website, where they are prompted to enter a registration code provided by the employee to download either a Windows Electron application or an Apple disk image (DMG) file, depending on the operating system used.
On Windows systems, opening the malicious application displays a Cloudflare verification screen to the victim while it covertly profiles the machine and proceeds to download and execute an MSI installer. Although the exact nature of the payload is unclear, it’s believed that an information stealer is run at this stage.
Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users’ digital assets at risk.
“These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox,” Koi Security researcher Yuval Ronen said.
The large-scale campaign is said to have been ongoing since at least April 2025, with new extensions uploaded to the Firefox Add-ons store as recently as last week.
Have you heard about the crazy guys who bought an entire tower to convert it into a vertical village? Yes, that’s us.
Do you want to walk the 16-floor tower and explore the space? Still on the fence, if you should become a citizen? Do you have questions about how you can get involved and co-create? Wanna hear updates on what happened in the last 2 weeks? This event is for you! 👩‍🚀
About us: We are transforming a 16-floor tower in the heart of San Francisco into a self-governed vertical village, a hub for frontier technologies and creative arts. 8 themed floors will be dedicated to creating tier-one labs, spanning AI, Ethereum, biotech, neuroscience, longevity, robotics, human flourishing, and arts & music. These floors will house innovators and creators pushing the boundaries of human potential in a post-AI-singularity world.
AT&T has launched a new security feature called “Wireless Lock” that protects customers from SIM swapping attacks by preventing changes to their account information and the porting of phone numbers while the feature is enabled.
This new feature has been available for some customers for almost a year and has now been rolled out to all AT&T customers.
In a SIM swap attack, cybercriminals port, or move, a targeted phone number to a device under their control. This allows them to intercept the target’s calls, texts, and multi-factor authentication codes to breach further accounts, such as email, banking, and cryptocurrency wallets.
Europol dismantled a crypto fraud syndicate laundering $540M from 5,000 victims worldwide.
A new mobile crypto-stealing malware called SparkKitty was found in apps on Google Play and the Apple App Store, targeting Android and iOS devices.
The malware is a possible evolution of SparkCat, which Kaspersky discovered in January. SparkCat used optical character recognition (OCR) to steal cryptocurrency wallet recovery phrases from images saved on infected devices.
When installing crypto wallets, the installation process tells users to write down the wallet’s recovery phrase and store it in a secure, offline location.
The DuckDuckGo web browser has expanded its built-in Scam Blocker tool to protect against a broader range of online scams, including fake e-commerce, cryptocurrency exchanges, and “scareware” sites.
DuckDuckGo is a privacy-focused web browser and search engine that doesn’t track users’ searches or browsing history.
The browser, which became available as a public beta for macOS and Windows in October 2022 and June 2023, respectively, blocks all trackers by default, does not engage in personalized search profiling, and offers powerful anonymity tools.
Law enforcement authorities from six countries took down the Archetyp Market, an infamous darknet drug marketplace that has been operating since May 2020.
Archetyp Market sellers provided the market’s customers with access to high volumes of drugs, including cocaine, amphetamines, heroin, cannabis, MDMA, and synthetic opioids like fentanyl through more than 3,200 registered vendors and over 17,000 listings.
Over its five years of activity, the marketplace amassed over 612,000 users with a total transaction volume of over €250 million (approximately $289 million) in Monero cryptocurrency transactions.