Weekly Cybersecurity Roundup for Week of Feb 24, 2025

Bybit Confirms Record-Breaking $146 Million Crypto Theft

Bybit, a major cryptocurrency exchange, has confirmed a $146 million security breach, making it one of the largest crypto thefts in recent history.

The attack, which targeted Bybit’s hot wallets, was detected on February 23, 2025, prompting the exchange to temporarily suspend withdrawals. Bybit assured users that it would cover all losses and that customer funds remained safe. Investigators are still analyzing how the hackers exploited the system, though early signs suggest a sophisticated cyberattack. The exchange is strengthening security measures and collaborating with law enforcement to track the stolen funds.

This incident underscores the persistent vulnerabilities in crypto exchanges and the need for stronger security measures to protect digital assets.


Botnet Exploits Basic Authentication in Microsoft 365 Password Spray Attacks

A botnet campaign is targeting Microsoft 365 accounts using password spraying attacks that exploit basic authentication, a legacy authentication method still enabled in some environments.

Attackers are leveraging large-scale automated attempts to gain unauthorized access to Microsoft 365 accounts by trying commonly used passwords. The use of basic authentication—widely considered insecure—makes these attacks easier, as it lacks modern protections like multi-factor authentication (MFA). Microsoft has urged organizations to disable basic authentication and switch to modern authentication protocols.

This attack highlights the risks of outdated authentication methods and reinforces the importance of implementing strong password policies and MFA.


Chinese APT ‘Salt Typhoon’ Targets Cisco Routers with Custom Malware

A Chinese state-sponsored hacking group, Salt Typhoon (aka Gallium), has been found exploiting Cisco routers using a sophisticated custom toolset.

The attackers are using compromised edge network devices to conduct espionage and persistent cyber operations, focusing on government and enterprise targets. Cisco researchers identified new malware capable of maintaining long-term access to compromised routers, allowing the attackers to intercept and manipulate network traffic. Salt Typhoon has been active for years, but this latest campaign underscores the growing trend of nation-state actors targeting network infrastructure instead of traditional endpoints.

This discovery highlights the urgent need for organizations to secure their network devices, as routers remain a high-value target for advanced persistent threats (APTs).


Exploits for Unpatched Parallels Desktop Flaw Grant Root Access on Macs

Security researchers have discovered exploits for an unpatched vulnerability in Parallels Desktop that allows attackers to gain root access on macOS systems.

The flaw, identified as CVE-2024-3108, enables privilege escalation, meaning an attacker could take full control of an affected Mac. Exploit code has already surfaced online, increasing the urgency for a patch. The vulnerability affects users running Parallels Desktop to virtualize Windows or Linux on macOS, making it a critical issue for developers and enterprises relying on virtualization software.

With active exploits in the wild, users are urged to monitor security updates and apply patches as soon as they become available to mitigate the risk of exploitation.


Mobile Phishing Attacks Surge 16% as Cybercriminals Target Smartphones

New research reveals a 16% increase in mobile phishing attacks, as threat actors increasingly target smartphones for credential theft and financial fraud.

Attackers are using SMS-based phishing (smishing), fake login pages, and malicious apps to trick users into revealing sensitive information. The rise in attacks is attributed to the widespread use of mobile devices for work and personal activities, often without the same level of security as desktops. Experts warn that traditional anti-phishing measures may be less effective on mobile platforms, emphasizing the need for improved mobile security solutions.

This trend signals a growing cybersecurity risk, urging businesses and individuals to adopt stronger mobile security practices and user awareness training.
