Vault 33 | Cyber News & Intel
Vault 33 is your ultimate hub for cutting-edge cybersecurity insights, delivering expert analysis, detailed tutorials, research, and the latest updates in threat and vulnerability management.
Featured Posts

The cryptocurrency sector is reeling from a massive cyberattack, allegedly orchestrated by North Korea, which resulted in the theft of $1.5 billion from the Dubai-based exchange Bybit. This incident marks the largest digital asset heist in history, highlighting significant vulnerabilities within the industry. The Heist Unfolds: Bybit officials revealed
Recent cyberattacks have highlighted abuse of Signal's device-linking feature, allowing attackers to link a device they control to a victim's account and read its messages. These attacks, primarily attributed to Russian-aligned threat actors, exploit the app's legitimate functionality rather than a software flaw to eavesdrop on communications. Exploitation of Signal's Device Linking: The attacks
A novel malware named FinalDraft has been identified leveraging Outlook email drafts for command-and-control (C2) communications. This sophisticated attack has targeted a government ministry in a South American nation, as discovered by Elastic Security Labs. Malware Attack Overview The attack employs a comprehensive toolkit, including a custom malware loader called
Recent alerts from the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Food and Drug Administration (FDA) have raised concerns about potential vulnerabilities in the CONTEC CMS8000 patient monitors. These alerts suggest the presence of a backdoor communicating with a Chinese IP address. However, upon investigation, it appears
The emergence of GeoSpy, an AI-powered tool, underscores the growing need for caution in online photo sharing. This innovative software swiftly determines a location through image analysis, presenting notable privacy and security concerns. GeoSpy's Capabilities and Development GeoSpy, created by Graylark Technologies, employs artificial intelligence to identify locations
A significant breach of AT&T's network by the Chinese state-sponsored group, Salt Typhoon, has led to unauthorized access to sensitive U.S. telecommunications data. Active undetected for over 18 months until 2023, the breach exposed critical communications metadata of FBI informants, potentially creating a crisis for
A Chinese cyber adversary known as UNC5337 has resumed attacks on Ivanti remote access appliances, marking another chapter in a series of security challenges faced by the IT vendor. This latest campaign leverages a critical remote code execution (RCE) vulnerability discovered in Ivanti's products, reigniting
The United States has announced a reward of up to $5 million for information leading to the disruption of North Korean IT worker schemes. These operations involve illicit remote work practices that fuel the nation's prohibited missile programs. Involved Entities Two companies, Yanbian Silverstar based in China and
In a groundbreaking discovery, researchers have identified "the first UEFI bootkit specifically engineered to target Linux systems". This represents a significant evolution in bootkit threats, which have historically concentrated on Windows environments. Innovative Threat The UEFI bootkit is a sophisticated form of malware designed to integrate into the
Russian APT28 Hackers Exploit US Company Wi-Fi from Afar: In a remarkable demonstration of their capabilities, the Russian cyber espionage group APT28, also known as Fancy Bear and linked to Russia's military intelligence agency, the GRU, successfully infiltrated a U.S. company's Wi-Fi network from a distant location.
Latest Posts

This week, genetic testing company 23andMe filed for bankruptcy, raising concerns about the fate of users' genetic data. With the possibility of data being sold, now is the time to consider deleting your information from their database. Why You Should Act Now When 23andMe first hinted at a potential

In a recent development, cybersecurity experts have identified new variants of the ReaderUpdate malware targeting macOS users. These variants are written in diverse programming languages such as Crystal, Nim, Rust, and Go, posing a significant threat to users of Apple devices. Emergence of New Malware Variants Initially detected as a

A cyber threat group known as 'RedCurl,' which has been involved in covert corporate espionage since 2018, has shifted tactics to include a ransomware encryptor aimed at Hyper-V virtual machines. This marks a significant evolution in their operational strategy, as they previously focused on data exfiltration from corporate

Recent discoveries have unveiled a new threat on the npm (Node package manager) registry, where malicious packages secretly alter legitimate, locally installed packages to embed a persistent reverse shell backdoor. This tactic ensures that even if the malicious packages are removed, the backdoor remains active on the victim's

Despite Oracle's denial of a breach in its Cloud federated SSO login servers, evidence suggests otherwise. Multiple companies have confirmed the authenticity of data samples allegedly stolen by a threat actor. Details of the Alleged Breach Recently, an individual identified as ‘rose87168’ claimed responsibility for breaching Oracle Cloud

A sophisticated cyber threat actor known as EncryptHub has been identified in a series of zero-day attacks targeting a vulnerability within the Microsoft Management Console (MMC). This flaw, recently patched by Microsoft, allows attackers to bypass security features and execute malicious code on Windows systems. Understanding the MMC Vulnerability The

The VanHelsing ransomware-as-a-service (RaaS) has surfaced, impacting three victims since its launch on March 7, 2025. This operation demands ransoms up to $500,000, making it a significant threat in the cybersecurity landscape. Understanding the VanHelsing Model VanHelsing operates on a RaaS model, allowing both seasoned hackers and newcomers to

Recent discoveries reveal that new Android malware campaigns are leveraging Microsoft's cross-platform framework, .NET MAUI, to disguise themselves as legitimate applications and avoid detection. This evasion tactic was identified by McAfee's Mobile Research Team, part of the App Defense Alliance, which focuses on enhancing Android security.

A significant security flaw has been identified in the Ingress NGINX Controller for Kubernetes, potentially allowing unauthenticated remote code execution. Over 6,500 clusters are reported to expose the vulnerable component to the public internet, putting them at immediate risk. Details of the IngressNightmare Vulnerabilities: The vulnerabilities, collectively known as IngressNightmare, have been assigned CVE identifiers