Venture Capital/VC
Breach intelligence, attack campaigns, and threat reports targeting the Venture Capital/VC sector.
Venture Capital/VC Threat Reports
UNC1069's Social Engineering Compromise of Axios: A 2026 Supply Chain Attack
In late March 2026, the popular JavaScript HTTP client library Axios, with over 100 million weekly downloads, was compromised through a sophisticated social engineering attack. The North Korean state-sponsored group UNC1069 targeted lead maintainer Jason Saayman, gaining access to his npm account. The attackers published two malicious versions of Axios (1.14.1 and 0.30.4) that included a trojanized dependency, 'plain-crypto-js@4.2.1', which executed a post-install script to deploy a cross-platform Remote Access Trojan (RAT) upon installation. The malicious packages were available for approximately two to three hours before being removed, but the potential impact was significant due to Axios's widespread use. This incident underscores the increasing industrialization of social engineering attacks targeting open-source maintainers, highlighting the need for enhanced security measures within the software supply chain. The rapid detection and removal of the compromised packages prevented a more extensive breach, but the event serves as a critical reminder of the vulnerabilities inherent in widely used open-source projects.
2 months ago
Kill Chain
Drift Protocol's $280M Loss: A Case Study in Advanced Social Engineering
In April 2026, Drift Protocol, a decentralized finance platform on the Solana blockchain, suffered a sophisticated cyberattack resulting in the theft of approximately $280 million in digital assets. The attackers, identified as the North Korean state-sponsored group UNC4736, infiltrated the organization over a six-month period by posing as a legitimate quantitative trading firm. They engaged with Drift contributors at multiple industry conferences, building trust through in-person meetings and continued communication via Telegram. This prolonged social engineering campaign allowed them to gain unauthorized access to Drift's Security Council administrative powers, leading to the rapid exfiltration of funds. This incident underscores the evolving tactics of state-sponsored cyber actors, who are increasingly leveraging extended social engineering strategies to compromise high-value targets. The attack highlights the critical need for organizations to implement robust security protocols, including stringent verification processes and continuous monitoring, to defend against such sophisticated infiltration methods.
2 months ago
Kill Chain
Microsoft Alerts Developers to Malicious Next.js Repositories Delivering In-Memory Malware
In February 2026, Microsoft identified a coordinated campaign targeting developers through malicious repositories disguised as legitimate Next.js projects. Attackers created fake repositories on platforms like Bitbucket, using names such as "Cryptan-Platform-MVP1," to deceive developers into executing code that establishes persistent access to compromised machines. The campaign employed multiple execution methods, including Visual Studio Code workspace automation, build-time execution via modified JavaScript libraries, and server startup execution through environment exfiltration. These methods led to the in-memory execution of attacker-controlled JavaScript, facilitating command-and-control operations and potential data exfiltration. This incident underscores the increasing sophistication of supply chain attacks targeting developers. By embedding malicious code into trusted development tools and processes, attackers can gain deep access to sensitive systems and data. Organizations must enhance their security measures to protect against such threats.
3 months ago
Kill Chain
PurpleBravo’s North Korean Supply-Chain Attack Exposes Hidden Risks to IT Outsourcing in 2025
Between August 2024 and September 2025, North Korean state-backed group PurpleBravo orchestrated a software supply-chain campaign targeting IT services and software development firms worldwide. Posing as recruiters or fictitious brands, the attackers lured victims—often developers and job seekers—into executing malicious code on corporate endpoints. Through malware like BeaverTail, PyLangGhost, and GolangGhost, PurpleBravo exfiltrated browser credentials and cryptocurrency wallet data while leveraging GitHub, fake websites, and VPN-based command-and-control infrastructure. Over 3,100 IP addresses and 20 organizations in South Asia, Europe, the Middle East, and Central America were exposed as probable victims, amplifying downstream risk to clients of affected IT service providers. This incident underscores a growing trend of sophisticated, targeted software supply-chain attacks exploiting developer trust and recruitment platforms. The campaign’s overlap with other North Korean IT worker operations and its focus on outsourcing regions highlight urgent risks to organizations relying on distributed and third-party development partners.
5 months ago
Kill Chain
Unleash Protocol Breach: $3.9M Stolen in 2024 DeFi Multisig Contract Hijack
In May 2024, decentralized intellectual property platform Unleash Protocol suffered a major security breach in which hackers exploited a vulnerability within its multisignature governance contract. Threat actors successfully assumed control of the protocol’s multisig wallet to execute an unauthorized smart contract upgrade, granting them illicit withdrawal rights. As a result, approximately $3.9 million in cryptocurrency assets were drained from the platform. The incident forced Unleash Protocol to suspend operations to assess the damage, freezing its ecosystem and raising questions about the security of decentralized financial infrastructure. This breach highlights the persistent risks facing DeFi platforms, particularly surrounding contract governance and multisig controls. Threat actors continue to target decentralized protocols using sophisticated social engineering and smart contract exploitation methods, emphasizing fintech’s urgent need for comprehensive, proactive security measures.
5 months ago
Kill Chain
AI Advertising Firm Doublespeed Breached: Over 1,000 Smartphones Compromised in 2025 Attack
In October 2025, AI advertising startup Doublespeed suffered a major security breach when a hacker exploited a vulnerability in the company’s backend systems to gain unauthorized access to its phone farm managing over 1,000 AI-generated social media accounts. The attacker was able to both extract confidential data about undisclosed advertising campaigns and seize remote control of the smartphones used to operate the accounts. This exposure illuminated the company’s covert promotion practices and presented significant risks of both data exfiltration and operational compromise. Despite being notified on October 31, the company had not fully remediated access at the time of reporting, heightening concerns about internal controls and disclosure procedures. The breach underscores growing vulnerabilities in companies that use automation at scale, especially in the context of AI-driven influence operations and digital marketing. It reflects broader industry trends: increasing use of phone farms, sophisticated identity evasion, and regulatory scrutiny around undeclared digital ads, all contributing to a shifting cyber threat landscape.
5 months ago
Kill Chain
North Korean BlueNoroff APT Hits Fintech and Web3 in Sophisticated 2024 Crypto Heist
In early 2024, the North Korean APT group BlueNoroff (a sub-group of Lazarus) launched sophisticated cross-platform campaigns against fintech executives and Web3 developers worldwide. The attackers utilized fake business collaboration and job recruitment lures distributed via phishing documents and messaging apps to implant malware on both Windows and macOS devices. Once in the network, BlueNoroff leveraged their established toolkits—including custom backdoors and credential stealers—to escalate privileges and ultimately exfiltrate cryptocurrency assets. This activity resulted in significant fund theft for several organizations, eroding trust in targeted fintech sectors. This incident highlights the continuous evolution of state-sponsored cybercrime groups, who now use highly adaptive social engineering paired with platform-agnostic malware. The financial sector, especially emerging blockchain and crypto startups, remains a primary focus amid a surge of advanced financially-motivated nation-state attacks.
5 months ago
Kill Chain
GitHub Notification Phishing Abuses Y Combinator Brand for Crypto Theft (2025)
In September 2025, a widespread phishing campaign exploited GitHub's notification system to target software developers for cryptocurrency theft. Attackers impersonated the reputable startup accelerator Y Combinator and generated hundreds of fake issue notifications across GitHub repositories, tagging users to trigger authentic-looking emails. Victims were lured to a spoofed Y Combinator website with a subtle domain misspelling, where they were prompted to connect cryptocurrency wallets for 'verification.' Behind the scenes, obfuscated scripts authorized malicious transactions, draining wallets once users signed in. The fraudulent repositories were quickly reported and taken down, but it's unclear how many users suffered financial losses. This attack highlights the growing trend of threat actors leveraging trusted platforms for sophisticated social engineering, particularly as notification-based phishing campaigns increase and cryptocurrency remains a lucrative target. The evolving tactics underscore the urgent necessity for enhanced vigilance, technical controls, and authentication checks across digital collaboration tools.
5 months ago
Kill Chain
How Social Engineering Enabled the 2024 Insight Partners Ransomware Breach
In October 2024, Insight Partners, a leading New York-based venture capital and private equity firm, suffered a significant cybersecurity incident when a threat actor used sophisticated social engineering techniques to gain network access. Following initial infiltration, attackers spent months exfiltrating sensitive information, including banking, tax, employee, and investor data, before launching ransomware on January 16, 2025, to encrypt company servers. The breach ultimately impacted approximately 12,657 individuals, with Insight Partners notifying those affected and providing credit monitoring services in accordance with regulatory requirements. This incident highlights the increasing effectiveness of social engineering in enabling multi-stage ransomware attacks that combine stealthy exfiltration with disruptive encryption. As the financial sector faces growing regulatory scrutiny and cybercriminals refine identity-driven attack vectors, organizations must address both technical vulnerabilities and human factors to maintain resilience against evolving ransomware threats.
5 months ago
Kill Chain