A new ThreatDay bulletin has reported a significant decentralized finance hack totaling $290 million, alongside escalating threats targeting macOS systems and proxy-based SIM farms. The report, which covers over 25 separate security incidents, highlights persistent vulnerabilities in software supply chains and attack vectors that continue to exploit basic, well-documented flaws.<\/p>\n
The $290 million DeFi breach represents the largest single loss in the latest wave of crypto-related crimes. While specific protocols and timestamps were still being verified at the time of reporting, the incident underscores the enduring financial risks within unregulated digital asset markets. Experts note that the attack leveraged vulnerabilities common to many DeFi platforms, including smart contract logic errors and insufficient access controls.<\/p>\n
The bulletin draws attention to a pattern of supply chain compromise, where malicious actors are injecting backdoors and data-stealing code into unverified software packages. These tainted packages are then distributed through official repositories, infecting downstream users who unknowingly integrate them into their applications. The report emphasizes that attacking the underlying infrastructure of apps is often simpler than directly compromising the applications themselves.<\/p>\n
Specific mention is made of a “LotL” (Living off the Land) abuse technique targeting macOS systems. This method involves using legitimate, built-in system tools and scripts to carry out malicious activities, making detection significantly more difficult for standard security software. The technique has been observed in recent campaigns that install persistent backdoors and harvest credentials.<\/p>\n
The bulletin also details the use of ProxySmart SIM farms, a method where attackers use bulk SIM cards to generate and manage large volumes of phone numbers. This infrastructure is commonly used to bypass SMS-based two-factor authentication and to create fraudulent accounts on social media and other platforms. The report links these farms to credential stuffing campaigns and social engineering attacks.<\/p>\n
In total, the bulletin covers more than 25 new stories, including ransomware variants, zero-day exploits in enterprise software, and phishing campaigns targeting critical infrastructure. Many of the described exploits rely on “same bugs and same mistakes” that have been discussed in security circles for years, indicating a failure in basic software hygiene and patching discipline.<\/p>\n
Analysts point to the messy nature of modern software supply chains as a primary driver of these ongoing incidents. Packages that users do not personally audit are increasingly used as vectors for initial access. The trend suggests that organizations need to invest in software composition analysis and supply chain verification tools to mitigate these risks. The use of legitimate tools for malicious ends, as seen in the macOS LotL attacks, further complicates defense strategies.<\/p>\n