AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/19/2025

US seizes E-Note crypto exchange for laundering ransomware payments

Law enforcement seized the servers and domains of the E-Note cryptocurrency exchange, which investigators say laundered more than 70 million dollars in proceeds from ransomware and account takeover attacks. U.S. authorities also unsealed an indictment against the alleged operator, a Russian national charged with money laundering conspiracy, and are analyzing seized customer and transaction data that could expose additional cybercriminals and money mule networks.

North Korea’s Digital Surge: $2B Stolen in Crypto as Amazon Blocks 1,800 Fake IT Workers

A new Chainalysis report estimates that North Korean threat actors have stolen more than 2.02 billion dollars in cryptocurrency so far in 2025, accounting for roughly three quarters of all service compromises tracked this year. At the same time, Amazon reports blocking about 1,800 suspected North Korean IT workers using stolen or falsified identities to secure remote jobs, highlighting how the regime blends direct theft with insider-style access at tech and crypto firms.

MedStar Health Notifying Patients of Data Theft Breach

MedStar Health, which runs 10 hospitals and hundreds of care sites in Maryland, Virginia and Washington DC, is notifying patients after a cyber incident where attackers accessed its systems and exfiltrated data over several days in September. The Rhysida ransomware group claims to have 3.7 terabytes of stolen data including millions of patient records, and MedStar now faces consolidated class action litigation while offering identity monitoring to affected individuals.

Major Data Breach Announced by Richmond Behavioral Health Authority

Richmond Behavioral Health Authority in Virginia disclosed that ransomware actors accessed its systems in late September, encrypting data and potentially exposing information on up to 113,232 individuals. While investigators could not definitively prove patient data access, the Qilin ransomware group has claimed responsibility, says it exfiltrated 192 GB of data, and has published samples on its leak site, prompting RBHA to issue broad notifications and strengthen security controls.

NuGet Malware Mimic: .NET Integration Library Steals Crypto Wallets and OAuth Tokens

Researchers at ReversingLabs uncovered a malware campaign abusing the NuGet package ecosystem with at least 14 trojanized .NET packages that impersonate popular cryptocurrency libraries. The malicious packages can exfiltrate wallet keys, silently redirect high-value crypto transfers to attacker wallets, and steal Google Ads OAuth credentials, using tactics like homoglyph typosquatting, inflated download counts, and rapid versioning to appear legitimate to developers.
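One defensive check a team can run against its own dependency list is to flag package names that collapse onto a trusted name once look-alike characters are folded, or that sit within one edit of it. This is an added example written for this digest, not code from the article or from ReversingLabs; every package name in it is constructed, and the confusable table is a small illustrative subset.

```python
"""Flag package names that look like homoglyph or typo variants of a
trusted allow-list. Added example; all package names are constructed."""
import unicodedata

# Constructed allow-list: the lower-cased package ids a team really depends on.
TRUSTED = {"examplecrypto.wallet", "examplecrypto.signer", "exampletoken.core"}

# Visually confusable characters mapped to their ASCII look-alike
# (digits that resemble letters plus a few Greek/Cyrillic letters).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "ο": "o", "а": "a", "е": "e", "і": "i",
    "ѕ": "s", "с": "c", "р": "p", "х": "x", "у": "y",
})


def normalize(name: str) -> str:
    """Lower-case, fold compatibility forms (NFKC), then map confusables."""
    folded = unicodedata.normalize("NFKC", name).lower()
    return folded.translate(CONFUSABLES)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; package ids are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(name: str, trusted=TRUSTED, max_dist: int = 1) -> str:
    """Return 'trusted', 'homoglyph', 'typosquat' or 'unknown' for a package id."""
    if name.lower() in trusted:
        return "trusted"            # exact match before any folding
    norm = normalize(name)
    if norm in trusted:
        return "homoglyph"          # identical only after confusable folding
    if any(levenshtein(norm, t) <= max_dist for t in trusted):
        return "typosquat"          # one insertion/deletion/substitution away
    return "unknown"


if __name__ == "__main__":
    for candidate in ["ExampleCrypto.Wallet", "ExampleCryptο.Wallet",
                      "ExampleCrypt0.Wallet", "ExampleCrypto.Walet", "Other.Lib"]:
        print(f"{candidate!r}: {classify(candidate)}")
```

Running it over a lock file or `packages.config` rather than the hard-coded list turns this into a pre-restore gate; anything not classified "trusted" or "unknown" deserves a manual look at the publisher and version history before it is restored.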

Clop Ransomware Group Targets Gladinet CentreStack Servers for Data Theft

Incident responders report that the Clop ransomware group is exploiting an as-yet-undocumented vulnerability in Gladinet CentreStack, an internet-facing file sharing and sync platform, to steal data from exposed servers. Scans have identified more than 200 CentreStack instances online, and Clop appears to focus on pure data exfiltration rather than encryption, with researchers urging administrators to lock down portal access, monitor for unusual file activity, and prepare to rapidly apply vendor patches once available.