You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes.
The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the systems behind apps is easier than breaking the apps themselves. The exploits are simple but still work, giving attackers easy access.
AI tools are also part of the problem now. They trust bad input and take real actions, which makes the damage bigger. Then there are quieter issues. Apps take data they should not. Devices behave in strange ways. Attackers keep testing what they can get away with. No noise. Just ongoing damage.
Here is the list for this week’s ThreatsDay Bulletin.
-
State-backed crypto heist
Inter-blockchain communication protocol LayerZero has revealed that North Korean threat actors tracked TraderTraitor may have been behind the recent hack of decentralized finance (DeFi) project KelpDAO, resulting in the theft of $290 million. “The attack was specifically engineered to manipulate or poison downstream RPC infrastructure by compromising a quorum of the RPCs the LayerZero Labs DVN relied upon to verify transactions,” LayerZero said. KelpDAO, in a post on X, said, “Two RPC nodes hosted by LayerZero were compromised. A simultaneous DDoS attack was launched against the third RPC node. This was an attack on LayerZero’s infrastructure. Kelp’s own systems were not involved in building or operating that infrastructure.” Meanwhile, the Arbitrum Security Council has temporarily frozen the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. It’s worth noting that TraderTraiter was attributed to the mega Bybit hack in early 2025 that led to the theft of $1.5 billion in digital assets. Recently, Lazarus Group was also linked to the $285 million theft from the Drift Protocol.
-
Active RCE exploits
Separately, VulnCheck has warned of attacks attempting to exploit two flaws in MajorDoMo, a smart home automation platform. While CVE-2026-27175 is a critical command injection vulnerability that started seeing exploitation on April 13, CVE-2026-27174 allows unauthenticated remote code execution via the PHP console in the admin panel and was first detected on April 18. “CVE-2026-27175 was exploited to drop a PHP webshell that delivers persistent backdoor access,” VulnCheck said. “CVE-2026-27174 saw exploitation that ended in a Metasploit php/meterpreter/reverse_tcp staged payload.” Other vulnerabilities that have witnessed exploitation efforts include CVE-2025-22952, an SSRF in Elestio Memos, and CVE-2024-57046, an authentication bypass in NETGEAR DGN2200 routers.
-
Supply chain malware surge
A number of malicious packages have been…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
