cybersecurity

According to Slow Fog's disclosure, a new variant of Shai-Hulud Hades has been found attacking PyPI. The malicious package drops a .pth file that executes automatically when Python starts, and checks if Bun is installed locally; if not installed, it downloads the official Bun binary from GitHub Releases, and then executes a multi-layer obfuscated JavaScript payload to steal credentials from GitHub, npm, AWS, and cloud services.Slow Fog stated that this variant uses the same RSA public key and infrastructure as previous Shai-Hulud attacks, and has capabilities such as encrypted exfiltration, persistence, CI/CD injection, and GitHub Actions injection.

According to the official announcement, Bitget stock derivatives have now launched for 15 underlying assets including ADBE (Adobe), CRWD (CrowdStrike), HPE (Hewlett Packard Enterprise), BX (Blackstone Group), TWLO (Twilio), covering popular sectors such as cybersecurity, AI data centers, satellite communications, and small-cap ETFs.

Bitget Chief Legal Officer Hon Ng today released an open letter, announcing that Bitget has officially launched the 2026 Global Anti-Fraud Month campaign, themed "More Assets, Stronger Protection."In the letter, Hon Ng pointed out that as the platform expands from crypto assets to a multi-asset ecosystem, users face increasingly complex cybersecurity threats while enjoying broader market access. He emphasized that the multi-asset era means greater responsibility. User protection is not a one-time project but a continuous result of risk monitoring, rapid response, security education, and industry collaboration.The open letter also disclosed Bitget's security and anti-fraud achievements for 2025. Data shows that Bitget intercepted over 150 million malicious attack requests throughout the year, identified over 13,000 high-risk malicious IPs, handled 18,135 user protection cases, and assisted users in recovering approximately $32.3 million related to security incidents and fraudulent activities.In addition, Bitget's security system achieved over 2.8 billion risk interceptions through customized protection rules, defended against over 1.5 billion DDoS attack attempts, and introduced machine learning-based behavioral analysis capabilities to further identify suspicious activities and potential risks.

Drift Protocol stated that its current top priority is to restart the platform and restore revenue-generating capabilities to expedite the recovery process of user funds. After the platform restarts, it will become the largest USDT-based perpetual contract trading platform on Solana, and the related revenue will be used to support a specially established user compensation fund.Drift claims that substantial progress has been made in the restart efforts with strategic support from Tether and other partners. To enhance security, Drift announced the appointment of Noah Prince, the former head of engineering at Helium Protocol, as the protocol lead, responsible for protocol restructuring and security system upgrades.Meanwhile, former members of the Gauntlet team have also joined the restart efforts, providing risk management and treasury design support for the platform, including clearing engine reviews, funding rate optimization, market parameter adjustments, and ongoing risk monitoring. Additionally, Drift has hired the cybersecurity company Mandiant to conduct an independent forensic investigation of the attack incident.The investigation results indicate that this attack can be clearly attributed to the North Korean hacker group UNC6862, which is associated with multiple cyber attack operations. Drift stated that it will continue to prioritize security in advancing the platform restart and will announce the user compensation mechanism and specific timeline in the future.

The "Anthropic" plan allows the EU's cybersecurity agency to use the powerful artificial intelligence tool "Mythos," which can discover and exploit vulnerabilities in computer systems.According to informed sources, Anthropic will allow the European Cybersecurity Agency to join the "Glass Wings" project. This project aims to let key institutions test the capabilities of "Mythos" before widespread deployment. A spokesperson for the European Commission stated that negotiations with Anthropic are progressing but declined to comment further.

According to Fortune magazine, the UK AI agent security and governance platform Geordie AI has completed a $30 million Series A funding round, led by Balderton Capital, with participation from Crosspoint Capital, and additional investments from General Catalyst and Ten Eleven Ventures, resulting in a post-money valuation of $155 million. This is the largest Series A funding round to date for a cybersecurity startup in Europe.The company was co-founded by former executives from the UK cybersecurity company Darktrace and the code security company Snyk. Its platform can discover and monitor AI agents operating within enterprises in real-time, identifying risks and dynamically constraining agent behavior. Geordie is currently deployed in approximately 30 client environments, including financial data company AlphaSense and the Franco-American joint venture AI biotechnology company Owkin.

According to Cryptopolitan, cybersecurity analysts have discovered a new type of fileless remote access trojan (RAT) named RemotePE. It is believed that the cybercrime organization Lazarus Group, associated with North Korea, is using this trojan to attack banks and cryptocurrency companies. The trojan operates entirely in memory, making it difficult for traditional antivirus and forensic tools to detect. Attackers impersonate trading company employees via Telegram, using forged Calendly and Picktime links for social engineering attacks. The malware is loaded in a three-stage chain through DPAPILoader, RemotePELoader, and RemotePE, with the entire process avoiding contact with the file system, utilizing process hollowing, anti-analysis checks, and encrypted C2 communication to evade detection.This malware was first discovered in September 2025. In the first four months of 2026, the Lazarus organization has stolen approximately $577 million in cryptocurrency assets, accounting for 76% of the total global cryptocurrency theft. Since 2017, the organization has accumulated a total theft amount of $6 billion.

According to informed sources, U.S. President Trump is expected to issue an executive order aimed at strengthening cybersecurity for artificial intelligence as early as Thursday and has invited leaders from the tech industry to attend the signing event. Media reports previously indicated that the order Trump is expected to sign will modify the existing cybersecurity information sharing program to include artificial intelligence companies, but it will not require federal approval for cutting-edge models.Instead, the order will call for voluntary testing of cutting-edge artificial intelligence systems by the government to identify and patch vulnerabilities in federal, state, and local networks as well as critical infrastructure in the U.S., without the need for extensive new regulations. Informed sources stated that invitations have been sent to several tech industry executives to attend the signing ceremony at the White House on Thursday, but it is currently unclear who will attend.

According to Cointelegraph, crypto risk management and infrastructure provider Chaos Labs stated that its oracle network experienced a suspected "nation-state" hacker attack last weekend but was not breached.Chaos Labs founder Omer Goldberg stated on the X platform that the attack was strictly limited to the operational wallets used for daily on-chain operations, and the oracle network was never compromised. The oracles operate in a fully isolated environment, with nodes distributed globally, protected by multi-layer security and encryption controls. Chaos Labs has rotated all keys since the attempted attack and has not detected any suspicious activity.

According to Cointelegraph, Robinhood users have recently encountered a phishing attack. The attackers exploited the Gmail feature that ignores the "." in email usernames, along with a vulnerability in the Robinhood account creation process, to register accounts that are very similar to the target email addresses. This allowed them to send fake reminder emails with phishing links to the victims' inboxes from the Robinhood official mail server.Cybersecurity researcher Alex Eckelberry stated that the email could pass SPF, DKIM, and DMARC verification, appearing to come from an official address. Robinhood stated that this incident did not involve a system or customer account breach, and that user funds and personal information were not affected, but advised users to delete the related emails and not to click on suspicious links.

Police officer Guo Tingyu from the Cybersecurity Division of the Qingshan Branch of the Wuhan Public Security Bureau participated in the investigation of Hubei's first virtual currency theft case. By tracking the flow of funds and analyzing the code of fake wallets, he identified and dismantled a cryptocurrency theft gang involved in over 100 million yuan in illicit funds, with all five suspects arrested.The gang induced users to download a counterfeit virtual currency wallet app to steal coins, with a total download count of over ten thousand. Guo Tingyu also participated in the investigation of multiple virtual currency-related criminal cases.

According to Decrypt, Admiral Samuel Paparo, the commander of the U.S. Pacific Command, stated during a hearing before the U.S. House Armed Services Committee that the U.S. government is currently running a Bitcoin node for cybersecurity-related testing, but is not engaged in mining.Paparo indicated that the U.S. military's interest in Bitcoin primarily focuses on its value as a computer science tool, including cryptography, blockchain, and reusable proof-of-work mechanisms, with the aim of using the Bitcoin protocol to strengthen cybersecurity and enhance military capabilities, which is still in the experimental stage. He also mentioned that maintaining the global dominance of the U.S. dollar aligns with U.S. military interests and gave a positive evaluation of the stablecoin legalization bill, the GENIUS Act, signed by Trump last summer, believing that the bill helps to solidify the global position of the dollar.

According to Cointelegraph, Admiral Samuel Paparo of the U.S. Navy stated at a Senate Armed Services Committee hearing that Bitcoin is a "valuable computer science tool," and its proof-of-work technology has significant applications in cybersecurity, increasing the cost of attacks for adversaries and can be used to protect data, information, and command signals, helping to support U.S. national security interests.Paparo noted, "Beyond the economic aspect, it has very important computer science application value in cybersecurity." Previously, Jason Lowery, a member of the U.S. Space Force, also made similar points in 2023.

According to Decrypt, Mozilla recently revealed that Anthropic's latest AI model, Claude Mythos, identified 271 security vulnerabilities during internal testing of the Firefox browser, and the related vulnerabilities have been fixed this week.In comparison, a previous version of the Anthropic model only found 22 security-sensitive vulnerabilities. Mozilla stated that all discovered vulnerabilities were within the scope of top human researchers' findings. Claude Mythos was officially released in March 2026 and is Anthropic's most powerful model in the fields of reasoning, coding, and cybersecurity, currently available for use by vetted partners such as Amazon, Apple, and Microsoft through the "Project Glasswing" initiative.

According to Cointelegraph, the Monetary Authority of Singapore (MAS) has urged banks to strengthen their cybersecurity defenses due to heightened regulatory concerns arising from the spread of the Mythos AI model under Anthropic in the Asia region.

According to official news, the cloud hosting platform Vercel has confirmed that a security incident has occurred, involving unauthorized access to some internal systems.Currently, only a small number of customers have been confirmed to be affected, and Vercel is communicating directly with the relevant customers. Vercel stated that its services are still operating normally, and it has initiated an investigation and hired incident response experts to assist in handling the situation, while also notifying law enforcement.Vercel recommends that all customers review their environment variables and use the sensitive environment variable feature to enhance security protection.

The Ethereum Foundation recently released a summary report on the ETH Rangers security project, revealing that during a 6-month security funding program, researchers identified approximately 100 suspected state-sponsored cyber operatives, including infiltrators from North Korea, who have been active in multiple Web3 projects.The report indicates that relevant investigations were advanced through projects like the "Ketman Project," where researchers issued warnings to about 53 blockchain projects, revealing that these individuals infiltrated development teams under false identities and participated in fund flows and technical positions. Meanwhile, some related funds have been frozen, amounting to hundreds of thousands of dollars. The security team also incorporated relevant intelligence into the threat analysis system for the Lazarus Group and disclosed it at security conferences such as DEF CON, showing that state-level cyber attacks are continuously infiltrating the infrastructure of the cryptocurrency industry.In terms of overall results, the program has frozen or recovered over $5.8 million in funds, reported or documented over 785 vulnerabilities, and handled 36 security incidents, indicating that the security threats currently faced by the Ethereum ecosystem have escalated from simple vulnerability attacks to systemic risks involving state-level actors. Additionally, the report points out that North Korean hackers have also infiltrated projects through methods such as "remote IT workers," involving various attack paths such as account takeovers, freelancing platform infiltrations, and fund transfers, making them a key target for industry prevention.The Ethereum Foundation emphasizes that the security of decentralized networks requires "decentralized defense" and will continue to support security research, threat intelligence, and talent development to address the escalating state-level cyber threats.

OpenAI announced the launch of the GPT-5.4-Cyber model, which is fine-tuned from GPT-5.4 for cybersecurity scenarios, reducing the refusal limits on security-related requests under specific conditions to support specialized operations such as binary reverse engineering.According to the introduction, the model is only available to vetted security vendors, corporate security teams, and researchers through the "Trusted Access for Cybersecurity" (TAC) program. OpenAI stated that the relevant layered mechanism will limit the scope of model usage and impose additional constraints on access in low visibility scenarios.

The Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) of the U.S. Department of the Treasury announced a new initiative today aimed at strengthening cybersecurity in the digital asset industry.This initiative will provide timely, actionable cybersecurity information to eligible U.S. digital asset companies and industry organizations, helping them better identify, prevent, and respond to cyber threats targeting their customers and networks. This action implements an important recommendation from the President's Working Group on Financial Markets in the report "Enhancing the U.S. Leadership in Digital Financial Technology."