RT zeroShadow (@zeroshadow_io)We've been tracking an active malware campaign targeting Web3 customer support teams.Attackers pose as customers in live chat and send links disguised as screenshots. One click installs a multi-stage backdoor attributed with moderate confidence to APT-Q-27.@1inch security caught this early before any damage was done and brought it to us to investigate. That prompt action is exactly why this report exists.Full report: malware analysis, IOCs, detection rules, and guidance for CS ...

SlowMist reports supply chain poisoning in OpenClaw's ClawHub plugin center. Weak reviews allowed numerous malicious skills to infiltrate and spread harmful code. Koi Security scanned 2,857 skills, identifying 341 malicious. SlowMist analyzed >400 IOCs, revealing organized batch attacks targeting few fixed domains/IPs via two-stage loading (initial obfuscation, dynamic payload retrieval). Example: "X (Twitter) Trends" skill hides Base64 backdoor that downloads/executes malware to phish passwords, collect fi ...

Core Viewpoint - Apple has successfully opposed the U.K. government's attempt to keep details of its appeal against a demand for a "backdoor" to access iPhone users' encrypted data secret [1][2]. Group 1: Legal Ruling - The U.K.'s Investigatory Powers Tribunal ruled against the government's request to keep the appeal hearing details private, emphasizing the importance of open justice [2]. - Judges stated that conducting a hearing entirely in secret would be an extraordinary step and a fundamental interference with justice principles [2]. Group 2: Government Demands - The appeal concerns a demand from the U.K. government for Apple to create a technical "backdoor" to access encrypted data protected by Apple's Advanced Data Protection (ADP) system [4]. - The Investigatory Powers Act of 2016 allows the U.K. government to compel tech companies to weaken encryption technologies, a controversial policy criticized by the tech industry and privacy advocates [5]. Group 3: Apple's Response - Apple has consistently resisted efforts to weaken its encryption, arguing that such actions would compromise user security and privacy [6]. - Following the government's order, Apple withdrew its ADP system for U.K. users in February, expressing disappointment over the loss of privacy options for customers [6]. - Apple reiterated its commitment to providing the highest level of security for user data and hopes to restore these protections in the future [7].