📬 Hackers Are Literally Mailing You Scam Letters 📬

Threat actors are sending physical letters through postal mail pretending to be from Trezor and Ledger, manufacturers of cryptocurrency hardware wallets. The letters use official-looking branding and urgent language to trick recipients into revealing their wallet recovery phrases on fake websites. The scam represents a sophisticated blend of physical and digital social engineering.

Sources:
• https://www.bleepingcomputer.com/news/security/snail-mail-letters-target-trezor-and-ledger-users-in-crypto-theft-attacks/
• https://www.cryptotimes.io/2026/02/16/ledger-and-trezor-users-are-being-tricked-into-giving-away-millions/
• https://crypto.news/crypto-hackers-target-trezor-ledger-users-in-theft/
• https://phemex.com/news/article/scammers-target-ledger-and-trezor-users-with-phishing-letters-60803

#Cryptocurrency #Trezor #Ledger #PhishingScam #HardwareWallet
----------

🤖 Trusted AI Tool Weaponized to Hack Macs 🤖

Threat actors are abusing Claude AI's Artifacts feature and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users. The attacks target users searching for specific technical queries, showing malicious Google Ads that lead to Claude-generated artifacts containing malware. This represents a concerning abuse of AI-generated content for malware distribution.

Sources:
• https://www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/
• https://cyberpress.org/malicious-campaign-uses-claude-artifacts-and-google-ads/
• https://www.rescana.com/post/claude-llm-artifacts-exploited-to-distribute-mac-infostealer-malware-via-clickfix-attack-chain-targe
• https://www.news4hackers.com/clickfix-attack-exploits-claude-llm-artifacts-to-distribute-mac-infostealers/

#Claude #MacMalware #Infostealer #GoogleAds #AI
----------

❄️ ShinyHunters Strikes Again: 600K Records Leaked ❄️

The notorious ShinyHunters data extortion group claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related information. Canada Goose told BleepingComputer the dataset appears to relate to past customer transactions and investigators have not found evidence of a breach of Canada Goose's own systems. The company is investigating whether the data came from a third-party vendor or partner.

Sources:
• https://www.bleepingcomputer.com/news/security/canada-goose-investigating-as-hackers-leak-600k-customer-records/
• https://securityaffairs.com/188046/data-breach/shinyhunters-leaked-600k-canada-goose-customer-records-but-the-firm-denies-it-was-breached.html
• https://www.techradar.com/pro/security/canada-goose-confirms-data-leak-around-600-000-customers-thought-to-be-affected
• https://vpncentral.com/canada-goose-600k-customer-records-leaked-shinyhunters-claims-third-party-breach/

#DataBreach #CanadaGoose #ShinyHunters #CustomerData #CyberSecurity