ALL POSTS
NodeCordRAT: The Malicious NPM Packages Stealing Crypto via Discord
Key Findings: Researchers from Zscaler ThreatLabz discovered three malicious npm packages that deliver a new Remote Access Trojan (RAT) called NodeCordRAT. The packages - bitcoin-main-lib, bitcoin-lib-js, and bip40 - were designed to mimic legitimate tools from the bitcoinjs project, tricking developers into installing them. NodeCordRAT uses Discord as a command-and-control (C2) channel, blending its malicious traffic with legitimate user activity to evade detection. The malwa
Jan 9 · 3 min read
Stolen LastPass Vault Backups Enable Crypto Theft Through 2025
Key Findings: Encrypted vault backups stolen in the 2022 LastPass breach are still being cracked, enabling crypto theft as late as 2025. Attackers have drained over $28 million in crypto by exploiting weak master passwords to decrypt the stolen vaults. The funds were laundered through Russian cybercrime infrastructure, including mixers and high-risk exchanges. TRM Labs' analysis indicates likely Russian criminal involvement in monetizing the LastPass breach. Background: In 2022
Dec 28, 2025 · 2 min read

