Hacker Hacker News: Just A Normal Day

By The Neath | The Darkside Of Crypto | 27 Apr 2025


1-Critical flaws in Planet Technology's network management and switch devices were found by Immersive security researchers, granting complete device control.

Immersive, a cybersecurity company, has discovered serious security flaws affecting network management tools and industrial switches supplied by Planet Technology, a Taiwanese company that manufactures IP-based networking devices. According to Immersive's blog post, which was shared with Hackread.com, these vulnerabilities allow attackers to take control of any network devices managed through the affected tools.

The Immersive team, led by security researcher Kev Breen, found various weaknesses in the company's industrial control systems. In December of 2024, CISA issued a security alert identifying the company's products as vulnerable, which prompted the team to launch an investigation.

The researchers obtained the firmware from the Planet Technology website. To facilitate the extraction process, the researchers compressed the firmware files using the BIX format, a variant of the GZIP format. To verify and understand the identified problems, they used tools such as Binwalk and techniques such as UART logging, which is the collection and recording of data sent and received over the Universal Asynchronous Receiver/Transmitter (UART) interface.

2-Inside the Official XRP Ledger NPM Package, a Backdoor Was Discovered

The Aikido Intel threat detection system has uncovered a significant security breach targeting users of the XRP Ledger. According to Aikido's investigation, the official xrpl Node Package Manager (NPM) package, a software development kit (SDK) widely used for interfacing with the XRP Ledger, was compromised in a sophisticated supply chain attack.

This malicious intrusion introduced a backdoor designed to steal users' private keys, giving attackers full access to those users' bitcoin wallets. Concern arose on April 21st, at 20:53 GMT+0, when it was discovered that five newly published versions of the xrpl package on NPM, which has more than 140,000 weekly downloads, contained malicious code that did not match the official releases on GitHub.
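The signal described above, registry versions with no matching release in the source repository, can be checked mechanically. The following is an added example, not code from Aikido or the xrpl project: the package name `example-sdk`, its versions, timestamps and tags are constructed, and the input is assumed to be shaped like the `time` map in npm registry metadata.

```javascript
// Constructed sample: the "time" map (version -> publish timestamp) as found
// in npm registry metadata, for a hypothetical package "example-sdk".
const registryDoc = {
  name: "example-sdk",
  time: {
    created: "2024-01-10T09:00:00.000Z",
    modified: "2025-03-20T18:40:00.000Z",
    "3.0.0": "2025-01-15T10:00:00.000Z",
    "3.0.1": "2025-02-01T11:00:00.000Z", // released but never tagged
    "3.1.0": "2025-03-02T14:20:00.000Z",
    "3.1.1": "2025-03-20T18:00:00.000Z",
    "3.1.2": "2025-03-20T18:12:00.000Z",
    "2.9.1": "2025-03-20T18:40:00.000Z",
  },
};
// Constructed tag list of the package's source repository.
const repoTags = ["v3.0.0", "example-sdk@3.1.0", "docs-2025-03"];

// "v3.0.0" or "example-sdk@3.1.0" -> bare version; null for any other tag.
function tagToVersion(tag, pkgName) {
  const m = tag.match(/^(?:v|(.+)@)?(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)$/);
  if (!m || (m[1] !== undefined && m[1] !== pkgName)) return null;
  return m[2];
}

// Registry versions with no matching release tag, oldest first.
function findUntaggedVersions(doc, tags) {
  const tagged = new Set(tags.map((t) => tagToVersion(t, doc.name)));
  return Object.entries(doc.time)
    .filter(([key]) => key !== "created" && key !== "modified")
    .filter(([version]) => !tagged.has(version))
    .map(([version, at]) => ({ version, published: new Date(at) }))
    .sort((a, b) => a.published - b.published);
}

// Group untagged versions published within windowMinutes of the previous one;
// a burst of untagged releases is a stronger signal than a single missed tag.
function findBursts(untagged, windowMinutes = 60) {
  const groups = [];
  for (const entry of untagged) {
    const group = groups[groups.length - 1];
    const last = group && group[group.length - 1];
    if (last && entry.published - last.published <= windowMinutes * 60000) group.push(entry);
    else groups.push([entry]);
  }
  return groups.filter((g) => g.length > 1);
}
const untagged = findUntaggedVersions(registryDoc, repoTags);
console.log(untagged.map((e) => e.version), findBursts(untagged).map((b) => b.map((e) => e.version)));
```

A single untagged version is often just a forgotten tag; several untagged versions across different release lines within minutes of each other is the pattern worth an immediate review.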

3-Storm-1977 Deploys More Than 200 Crypto Mining Containers and Attacks Education Clouds with AzureChecker

According to Redmond, in one successful account compromise that it observed, the threat actor is alleged to have used a guest account to create a resource group inside the compromised subscription.

The attackers then created more than two hundred containers inside the resource group with the intention of carrying out illegal bitcoin mining.



The Neath

I have been interested in crypto since 2020. I give back to the internet what I learned from the internet.


The Darkside Of Crypto

The primary objective behind the establishment of this blog is to disseminate knowledge pertaining to the negative aspects of cryptocurrencies and their realm. Undoubtedly, this community hosts a multitude of events. As a result, the purpose of this publication is to educate individuals regarding cryptocurrencies. Additionally, it is worth noting that this publication does not hold any negative views towards cryptocurrencies, and its proprietors are crypto enthusiasts themselves.
