Chainshorts
Security

Lazarus-linked macOS malware hits crypto and fintech firms

Security researchers have linked a new macOS malware kit called "Mach-O Man" to the Lazarus hacking group. The malware targets crypto and fintech firms by using fake meeting invites and ClickFix prompts to steal credentials and access corporate systems. The campaign highlights ongoing threats from Lazarus, emphasizing the need for enhanced security measures in the sector.


More in Security

Lazarus Group Ramps Up Mach-O Man macOS Crypto Attacks

The Lazarus Group has intensified its Mach-O Man malware campaign targeting crypto and fintech executives, according to CertiK. Researchers linked over $500 million in recent exploits to Lazarus activity. The group used the ClickFix method to deceive victims into executing malicious commands on macOS systems, highlighting a significant security threat in the crypto sector.

CoinCentral, Apr 22

The Protocol: Kelp DAO exploited for $292 million

Kelp DAO was exploited for approximately $292 million, marking one of the largest security breaches in Web3. The attack highlights ongoing vulnerabilities in decentralized protocols. The incident coincides with increased concerns over North Korean hacking activities targeting crypto, Aave contagion risks, and Coinbase's exploration of quantum computing, emphasizing the need for enhanced security measures across the industry.

CoinDesk, Apr 22

The $292 million Kelp DAO exploit shows why crypto bridges are still one of the industry's weakest links

The $292 million Kelp DAO exploit highlights ongoing security risks in crypto bridges, which remain one of the industry's weakest points. The exploit underscores structural vulnerabilities in bridge systems that rely on complex infrastructure and hidden trust assumptions. Experts warn that as long as these issues persist, bridges will continue to be prime targets for attacks, posing significant security challenges for the crypto industry.

CoinDesk, Apr 22

SUI And USDC Now Power Real-World Transactions On RedotPay

RedotPay has integrated SUI and USDC into its platform, enabling over 7 million users to send, receive, and spend these assets in real-world transactions. Launched in April 2026, this move connects crypto balances to traditional payment systems, allowing transactions in over 100 countries and 130 million merchants. The integration leverages Sui’s speed and USDC’s stability for practical everyday spending.

NewsBTC, Apr 22

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

Cybersecurity firm Symantec reports that threat actor Harvester deployed a Linux version of its GoGra backdoor in South Asia, using Microsoft Graph API and Outlook mailboxes as covert command-and-control channels. The malware bypasses traditional defenses, indicating a sophisticated attack targeting regional entities, with ongoing investigations into the scope and impact.

The Hacker News, Apr 22