Jamf says North Korean subgroup of the financially motivated Lazarus Group targets specific users the threat actors believe have access to cryptocurrency.

Grok, Okta, Looney Tunables, HelloKitty, Gootbot, Veeam, More News and Jason Wood, on this edition of the Security Weekly News

Attacks leveraging the Amadey and PrivateLoader malware to deploy the Socks5Systemz proxy botnet have compromised 10,000 devices around the world since the beginning of October, most of which are from India, the U.S., Brazil, Colombia, and South Africa, reports BleepingComputer.

Several WhatsApp mods for Android have been used by threat actors to facilitate the deployment of the CanesSpy spyware, The Hacker News reports.

BleepingComputer reports that persistent exploitation of Discord's content delivery network to facilitate malware hosting and distribution has prompted the instant messaging and VoIP social platform to deploy a new 24-hour expiration limit for all uploaded links to servers, along with new expiration timestamps and unique signatures valid until link expiration by year-end.

Security researchers say this new strain of Gootloader leverages "stealthier" SEO-poisoning to trick people who regularly use contracts, legal forms, and other business documents.

Novel macOS malware launched by North Korean hackers New KANDYKORN macOS malware has been deployed by threat actors linked to North Korea's Lazarus Group in attacks against an unspecified cryptocurrency exchange's blockchain engineers since April, reports The Hacker News.