Newsletters

Written content from the Risky Business Media team

Risky Bulletin: CoinMarketCap hacked via a doodle image

Presented by

Catalin Cimpanu

News Editor

CoinMarketCap—the go-to website for checking cryptocurrency exchange rates—was hacked on Friday.

Hackers exploited a vulnerability in CoinMarketCap's animated logo (see CoinMarketCap's doodle obsession here) to append malicious code that displayed an unauthorized popup.

The popup ran a specialized phishing kit called a "crypto-drainer" that prompted users to connect their crypto-wallet accounts and then stole their funds.

Risky Bulletin: Russian hackers abuse app-specific passwords to bypass MFA

Presented by

Catalin Cimpanu

News Editor

Russian cyber-spies have developed a new social engineering technique designed to extract application-specific passwords from their targets.

Also known as app passwords, or ASPs, these allow attackers to bypass multi-factor authentication and access a victim's Gmail account.

App passwords are supported on multiple online platforms, but this campaign specifically targeted Google's ASPs. These are 16-character codes that users manually generate from their Google account security page. They can be copy-pasted inside older apps that don't support Google's more modern 2FA/MFA authentication procedures.

Data Brokers are a Killer's Best Friend

Presented by

Tom Uren

Policy & Intelligence

A Minnesota man has allegedly used people-search services to locate, stalk and eventually murder political targets.

The alleged shooter, Vance Boelter, is accused of killing Democratic state representative Melissa Hortman and her husband Mark on Saturday night. He is also facing charges for shooting Democratic state senator John Hoffman and his wife Yvette earlier that night. Both Hoffman and his wife survived with multiple gunshot wounds. 

According to an FBI affidavit, notebooks containing the names of more than 45 Minnesota state and federal public officials were found in Boelter's abandoned car. One notebook listed 11 different people-search services that sell the personal information of individuals online, including physical addresses, emails, and phone numbers.

Risky Bulletin: Chrome gets a new prompt to prevent sneaky local network attacks

Presented by

Catalin Cimpanu

News Editor

Google Chrome is adding a new prompt that will ask for permissions when websites or mobile apps want to connect to a user's localhost or access devices hosted on their internal local network (LAN).

The new prompt is designed to block a rising trend on the internet, where threat actors lure users to malicious sites that use the victim's browser to reach and attack devices on their local network.

This code can contain CSRF (cross-site request forgery) exploits that hack local routers and IoT devices sitting on the same network and abuse them for ad fraud or other types of botnets.

Risky Bulletin: Cock[.]li gets hacked

Presented by

Catalin Cimpanu

News Editor

A threat actor named Satoshi has allegedly hacked controversial email provider Cock[.]li and is now selling its data on an underground hacking forum.

They are selling this data on a Russian-language underground hacking forum named XSS for 1 Bitcoin, or approximately $105,000.

The hacker allegedly used a recently disclosed zero-day in the Roundcube webmail software (CVE-2025-49113) to dump Cock[.]li's database and steal the details of over one million registered users.

Risky Bulletin: Predator spyware alive despite US sanctions

Presented by

Catalin Cimpanu

News Editor

Despite being sanctioned twice by the US Treasury Department last year, surveillance and spyware maker Intellexa has continued to operate and has even set up new server infrastructure for its customers.

In a report published on Thursday, security firm Recorded Future says it identified new customer- and victim-facing infrastructure, along with new systems to avoid detection.

The new infrastructure includes servers and domains for hosting and delivering the Predator mobile spyware, as well as VPS servers for anonymizing traffic and hosting management panels for Intellexa customers.

Trump Scales Back Biden's Product Security Demands

Presented by

Tom Uren

Policy & Intelligence

An executive order signed by US President Donald Trump has scaled back the US government's cyber security ambitions. It has dropped a range of provisions that would encourage organisations to adopt more stringent security standards.

The order largely takes aim at directives issued in January of this year by then-President Joe Biden. One part of that January order stipulated that the government "identify a coordinated set of practical and effective security practices to require when it procures software" and that vendors follow those practices. Trump's order keeps the standards development part but ditches the requirement that vendors actually adhere to them.

Biden's order also strongly emphasised the rollout of post-quantum cryptography (PQC), encryption systems that are not susceptible to attacks by quantum computers. Rather than being told to transition to PQC as soon as practicable, federal agencies have now been instructed to prepare to transition to PQC.

Risky Bulletin: SentinelOne avoids a Chinese APT hack

Presented by

Catalin Cimpanu

News Editor

Cybersecurity firm SentinelOne says it narrowly avoided getting hacked by Chinese government hackers after an APT breached one of its IT vendors that handled hardware logistics for its employees.

The company said it detected and stopped the intrusion before it reached its network.

The incident took place at the start of the year, months after SentinelOne also observed extensive reconnaissance of its internet-exposed servers.

Risky Bulletin: EU launches private DNS service

Presented by

Catalin Cimpanu

News Editor

Last week the EU launched its own DNS service, with versions for government agencies, telcos, and home users.

The DNS4EU service is designed to provide a secure and privacy-focused DNS resolver for the EU bloc as an alternative to US and other foreign services.

The project was announced in October 2022 and was built under the supervision of the EU cybersecurity agency ENISA.

Risky Bulletin: APTeens go after Salesforce data

Presented by

Catalin Cimpanu

News Editor

A new hacking group that spawned out of TheCom has breached over 20 companies and stolen their Salesforce data for extortion attempts.

The group, which Google calls UNC6040, operates by calling employees at large companies and posing as their IT support—a now tried-and-tested technique that is also being abused by multiple other threat actors.

The end goal is to get victims to install a modified version of the Salesforce Data Loader app that grants the group's members access to a company's Salesforce backend databases.