Researchers have discovered a supply chain attack that uses packages hosted on the Node Package Manager, the manager for the Node.js JavaScript platform. Detailed today by Reverse Engineer Karlo Zanki at Reversing Labs Inc., the software supply chain attack involves more than two dozen NPM packages that contain obfuscated JavaScript. The packages are designed to steal ...

Cryptocurrency lending provider Nexo has signed a term sheet to acquire rival lending firm Vauld, two days after Vauld suspended services amid financial challenges. The indicative or nonbinding term sheet grants Nexo a 60-day exclusive exploratory period related to the intended acquisition of Vauld, pending a satisfactory outcome of the initiated due diligence process. Upon ...

The U.S. Department of Commerce’s National Institute of Standards and Technology today said it has chosen four encryption tools designed to protect against quantum computer attacks for a planned post-quantum cryptographic standard. Of the four chosen tools, one — CRYSTAL-Kiber — offers general encryption, while the remaining three — CRYSTAL-Dilithium, Falcon and Sphincs+ — offer ...

Security intelligence firm LogRhythm Inc. today announced the launch of a new version of its security information and event management platform with new features to help security teams. LogRhythm says its SIEM Platform 7.9, in conjunction with updates to LogRhythm NDR and LogRhythm UEBA, helps security teams overcome everyday obstacles by accelerating threat response, improving workflows and simplifying ...

Decentralized finance protocol startup Crema Finance has temporarily suspended services after a hacker stole $8.78 million in cryptocurrency from the company. Crema offers a concentrated liquidity protocol or CLMM that provides services for traders and crypto liquidity providers. Liquidity protocol providers offer a solution to illiquid markets by offering rewards to liquidity providers to swap ...

Unknown hackers have claimed to have stolen data on as many as a billion mainland Chinese residents and are attempting to sell the data on a hacking forum. The data is alleged to have been stolen from the Shanghai National Police database and is said to total 22 terabytes. The data includes names, addresses, national ...

Singapore-based cryptocurrency trading and lending platform provider Vauld has suspended all withdrawals, trading and deposits due to what it describes as “financial challenges.” In a blog post today, the company said the financial issues are the result of volatile market conditions and financial difficulties with key business partners. Vauld also cited the current market climate leading ...

Meta Platforms Inc.’s longstanding and at times highly controversial cryptocurrency project is ending with the announcement July 1 that the Novi digital wallet will close on Sept. 1. The Novi digital wallet launched with a pilot program in November with custody support from Coinbase Inc. Novi did not support Meta’s proposed Diem cryptocurrency but instead ...

Cryptocurrency hedge fund Three Arrows Capital Ltd. has filed for Chapter 15 bankruptcy in a New York court less than a week after it was ordered to liquidate its assets in the British Virgin Islands. Chapter 15 bankruptcy is a form of bankruptcy that allows for cooperation between U.S. courts and foreign courts when foreign ...

Google LLC’s Threat Analysis Group said today it has blocked more than 30 malicious domains linked to hack-for-hire groups from Russia, India and the United Arab Emirates. The hack-for-hire firms have been actively targeting Gmail and Amazon Web Services Inc. accounts, among others, to carry out corporate espionage attacks against companies, human rights activists and journalists. ...