Search results for firefox crypto | Breaking Cybersecurity News | The Hacker News

Mozilla has made it easy for you to share large files securely and privately with whomever you want, eliminating the need to depend upon less secure free third-party services or file upload tools that burn a hole in your pocket. Mozilla has finally launched its free, end-to-end encrypted file-transfer service, called Firefox Send , to the public, allowing users to securely share large files like video, audio or photo files that can be too big to fit into an email attachment. Firefox Send was initially rolled out by Mozilla to test users way back in August 2017 as part of the company's now-defunct "Test Pilot" experimental program. Firefox Send allows you to send files up to 1GB in size, but if you sign up for a free Firefox account, you can upload files as large as 2.5GB in size. The service uses a browser-based encryption technology that encrypts your files before uploading them to the Mozilla server, which can only be decrypted by the recipients. Unlike popul...

Mozilla has rolled out the latest Version 37 of its Firefox browser for Windows desktop, Mac, Linux and Android operating systems. The new release also adds patches for 13 different security advisories along with some new security improvements as well as user-experience features. The biggest security feature added to Firefox 37 among others is the "Opportunistic Encryption" (OE) for servers and websites that support " HTTP/2 AltSvc. " Opportunistic Encryption (OE) allows Firefox browser to encrypt the traffic over plaintext HTTP connection without any need to authenticate it. This will help you to create, not complete, but some confidentiality from attackers to eavesdrop on your connection. So Opportunistic encryption can be implemented with very minimal changes to an existing IPsec implementation. The move by Mozilla is really a bonus for HTTP users with no encryption measure at all, but still it is not as good as authenticated encryption ...

A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate popular cryptocurrency wallets and steal more than $1 million in digital assets. The published browser add-ons masquerade as MetaMask, TronLink, Exodus, and Rabby Wallet, among others, Koi Security researcher Tuval Admoni said. What makes the activity notable is the threat actor's use of a technique that the cybersecurity company called Extension Hollowing to bypass safeguards put in place by Mozilla and exploit user trust. It's worth noting that some aspects of the campaign were first documented by security researcher Lukasz Olejnik last week. "Rather than trying to sneak malicious extensions past initial reviews, they build legitimate-seeming extension portfolios first, then weaponize them later when nobody's watching," Admoni said in a report published Thursday. To achieve this, the attackers first create ...

Some websites have found using a simple yet effective technique to keep their cryptocurrency mining javascript secretly running in the background even when you close your web browser. Due to the recent surge in cryptocurrency prices, hackers and even legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of their visitor's PC to mine Bitcoin or other cryptocurrencies. After the world's most popular torrent download website, The Pirate Bay , caught secretly  using Coinhive , a browser-based cryptocurrency miner service, on its site last month, thousands of other websites also started using the service as an alternative monetization model to banner ads. However, websites using such crypto-miner services can mine cryptocurrencies as long as you're on their site. Once you close the browser window, they lost access to your processor and associated resources, which eventually stops mining. Un...

Hey there, it's your weekly dose of " what the heck is going on in cybersecurity land " – and trust me, you NEED to be in the loop this time. We've got everything from zero-day exploits and AI gone rogue to the FBI playing crypto kingpin – it's full of stuff they don't 🤫 want you to know. So let's jump in before we get FOMO. ⚡ Threat of the Week GoldenJackal Hacks Air-Gapped Systems: Meet GoldenJackal, the hacking crew you've probably never heard of – but should definitely know about now. They're busting into super-secure, air-gapped computer systems with sneaky worms spread through infected USB drives (yes, really!), proving that even the most isolated networks aren't safe. ESET researchers caught them red-handed using two different custom-made tools to target high-profile victims, including a South Asian embassy in Belarus and a European Union government organization. 🔔 Top News Mozilla Patches Firefox 0-Day: Mozilla patched a...

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk. "These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox," Koi Security researcher Yuval Ronen said . The large-scale campaign is said to have been ongoing since at least April 2025, with new extensions uploaded to the Firefox Add-ons store as recently as last week. The identified extensions have been found to artificially inflate their popularity, adding hundreds of 5-star reviews that go far beyond the total number of active installations. This strategy is employed to give them an illusion of authenticity, making it seem like they are widely adopted and tricking unsuspecting users into installing them. Another tactic adopted by ...

The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit. This week’s stories share one pattern. Nothing flashy. No single moment. Just steady abuse of trust — updates, extensions, logins, messages — the things people click without thinking. That’s where damage starts now. This recap pulls those signals together. Not to overwhelm, but to show where attention slipped and why it matters early in the year. ⚡ Threat of the Week RondoDox Botnet Exploits React2Shell Flaw — A persistent nine-month-long campaign has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox. As of December 2025, the activity has been observed leveraging the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) flaw as an initial...

The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called  Cloud9  by security firm Zimperium, the malicious browser add-on comes with a wide range of features that enables it to siphon cookies, log keystrokes, inject arbitrary JavaScript code, mine crypto, and even enlist the host to carry out DDoS attacks. The extension "not only steals the information available during the browser session but can also install malware on a user's device and subsequently assume control of the entire device," Zimperium researcher Nipun Gupta  said  in a new report. The JavaScript botnet isn't distributed via Chrome Web Store or Microsoft Edge Add-ons, but rather through fake executables and rogue websites disguised as Adobe Flash Player updates. Once installed, the extension is designed to inject a JavaSc...

Threat actors are advertising a new information stealer for the Apple macOS operating system called  Atomic macOS Stealer  (or AMOS) on Telegram for $1,000 per month, joining the likes of  MacStealer . "The Atomic macOS Stealer can steal various types of information from the victim's machine, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password," Cyble researchers  said  in a technical report. Among other features include its ability to extract data from web browsers and cryptocurrency wallets like Atomic, Binance, Coinomi, Electrum, and Exodus. Threat actors who purchase the stealer from its developers are also provided a ready-to-use web panel for managing the victims. The malware takes the form of an unsigned disk image file (Setup.dmg) that, when executed, urges the victim to enter their system password on a bogus prompt to escalate privileges and carry out its malicious acti...

How much does your privacy cost? It will soon be sold for half a Million US dollars. A controversial company specialises in acquiring and reselling zero-day exploits is ready to pay up to US$500,000 for working zero-day vulnerabilities targeting popular secure messenger applications, such as Signal, Telegram and WhatsApp. Zerodium announced a new pricing structure on Wednesday, paying out $500,000 for fully functional remote code execution (RCE) and local privilege escalation (LPE) vulnerabilities in Signal, WhatsApp, iMessage, Viber, Facebook Messenger, WeChat, and Telegram. The payouts for all these secure messengers have been increased after tech companies introduced end-to-end encryption in their apps, making it more difficult for anyone to compromise their messaging platforms. The same payout is offered for remote code execution and local privilege escalation security flaws in default mobile email applications. Launched in 2015, Zerodium is a Washington, DC-based p...

A new malware family called  Realst  has become the latest to target Apple macOS systems, with a third of the samples already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system. Written in the Rust programming language, the malware is distributed in the form of bogus blockchain games and is capable of "emptying crypto wallets and stealing stored password and browser data" from both Windows and macOS machines. Realst was first discovered in the wild by security researcher  iamdeadlyz . "Realst Infostealer is distributed via malicious websites advertising fake blockchain games with names such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend," SentinelOne security researcher Phil Stokes  said  in a report. "Each version of the fake blockchain game is hosted on its own website complete with associated Twitter and Discord accounts." The cybersecurity firm, which identif...

It’s an era of Mass Surveillance, where Encryption has become more important today for all of us than any other time in the History. But the trouble is that Crypto programs are too hard for Non-Internet-Savvy to implement and use. Time is loudly announcing the need to switch to some alternatives that provide end-to-end encryption for communication between two devices in order to keep your personal data away from NSA's prying eyes and respect your Privacy . But, many services, including Facebook's messaging application, don’t support encryption and therefore are weak in providing security of our online data, which could result in data breach either by cyber criminals or by our own Government under surveillance programs. Because Facebook's messaging application doesn't support end-to-end encryption, an Open-source and most popular crypto chat-encryption application called 'Cryptocat' has made it possible to chat with your Facebook friends and rel...

A new Golang-based information stealer malware dubbed  Titan Stealer  is being advertised by threat actors through their Telegram channel. "The stealer is capable of stealing a variety of information from infected Windows machines, including credential data from browsers and crypto wallets, FTP client details, screenshots, system information, and grabbed files," Uptycs security researchers Karthickkumar Kathiresan and Shilpesh Trivedi  said  in a recent report. Details of the malware were  first documented  by cybersecurity researcher Will Thomas (@BushidoToken) in November 2022 by querying the IoT search engine Shodan. Titan is offered as a builder, enabling customers to customize the malware binary to include specific functionalities and the kind of information to be exfiltrated from a victim's machine. The malware, upon execution, employs a technique known as  process hollowing  to inject the malicious payload into the memory of a legitima...

Cybersecurity researchers are warning of two different information-stealing malware, named  FFDroider  and  Lightning Stealer , that are capable of siphoning data and launching further attacks. "Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself on victim's machines to look like the instant messaging application 'Telegram,'" Zscaler ThreatLabz researchers Avinash Kumar and Niraj Shivtarkar  said  in a report published last week. Information stealers, as the name implies, are equipped to harvest sensitive information from compromised machines, such as keystrokes, screenshots, files, saved passwords and cookies from web browsers, that are then transmitted to a remote attacker-controlled domain.  FFDroider is distributed through cracked versions of installers and freeware with the primary objective of stealing cookies and credentials associated with popular social media and e-commerce platforms an...

A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot,  Redline Stealer , and  WeSteal . "BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet (Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin, Litecoin wallets) contents, passwords stored in the browser, and passphrases captured from the clipboard," Bitdefender researchers said in a technical report on Wednesday. The campaign, distributed globally across Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South Africa, Spain, and the U.S., is suspected to be delivered to compromised systems via cracked software installers. The modus operandi of using cracks as an infection source for initial access mirrors similar cybercrime campaigns that have leveraged tools such as  KMSPico  as a conduit for deploying malware. "Most infected u...

Behind every click, there’s a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and turn trusted systems against us. But security teams are fighting back. They’re building faster defenses, better ways to spot attacks, and stronger systems to keep people safe. It’s a constant race — every move by attackers sparks a new response from defenders. In this week’s ThreatsDay Bulletin, we look at the latest moves in that race — from new malware and data leaks to AI tools, government actions, and major security updates shaping the digital world right now. U.K. moves to tighten cyber rules for key sectors U.K. Debuts Cyber Security and Resilience Bill The U.K. government has proposed a new Cyber Security and Resilience Bill that aims to strengthen national security and secure public services like healthcare, drinking wat...