Cryptocurrency exchange Coinbase was breached when its customer data was copied by malicious support agents who were allegedly bribed. Although the culprits demanded a $20m ransom to not publicly release the data, the company refused to pay. Instead, it is offering a $20m reward for information leading to their arrest. Coinbase has added security measures, is tracking stolen funds, and has assured its customers that the culprits did not have access to sensitive information like login credentials or account funds.
Google Calendar used as middleman for stealthy NPM malware
Veracode researchers have uncovered a malware campaign that misuses Google Calendar to execute a malicious command-and-control (C2) server connection. The malware is embedded in a
