TikTok Faces EU Fine While Supply Chain Attacks Hit Crypto Packages


Hey everyone, Michael Rodriguez here with another week of security news that’s keeping us all busy. This week brought us everything from regulatory action against social media giants to some particularly nasty supply chain attacks targeting crypto developers. Let’s dive into what happened and why it matters for our day-to-day work.

TikTok Gets Hit with EU Fine Over “Addictive Design”

The European Commission announced that TikTok is facing a substantial fine under the Digital Services Act (DSA) for what they’re calling “addictive design” features. We’re talking about the usual suspects here: infinite scroll, autoplay videos, push notifications, and those eerily accurate personalized recommendation algorithms.

Now, you might be wondering why this is landing in a security blog. Here’s the thing - while this isn’t a traditional cybersecurity issue, it highlights how regulatory bodies are starting to view certain design patterns as harmful enough to warrant legal action. For those of us working in security, this could signal a shift toward more scrutiny of how applications handle user data and behavioral manipulation.

The DSA is becoming a real force to reckon with in the EU, and companies operating there need to start thinking beyond just data protection (GDPR) to consider how their user engagement strategies might run afoul of these newer regulations.

Supply Chain Attack Hits dYdX Crypto Packages

This one’s a doozy and hits close to home for anyone managing software dependencies. Security researchers discovered that legitimate packages for dYdX (a popular decentralized exchange) were compromised on both npm and PyPI repositories.

The attackers pushed malicious releases of @dydxprotocol/v4-client-js and its Python counterpart; the affected versions are 3.4.1, 1.22.1, 1.15.2, and 1.0.31. The payloads were built to steal wallet credentials and hand the attackers remote code execution on the developer's machine, which is about as bad as it gets for anyone building on the protocol.

What makes this particularly concerning is that these weren’t typosquatting attacks or fake packages. These were the real, legitimate packages that developers trust and use in production. The attackers somehow gained access to the official package maintainer accounts or the build pipeline itself.

If you're doing any crypto-related development, now is the time to audit your dependencies and add verification steps you can actually enforce: pin exact versions and keep integrity hashes in your lockfiles, verify package signatures or provenance where the registry supports it, and scan the trees you actually install (node_modules, site-packages) rather than just the manifests. One more thing: a credential stealer ran with the developer's privileges, so if a compromised version was ever installed on a machine, treat every key, token, and wallet secret on it as exposed and rotate it.
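As an added example (not code from the article or from the dYdX project), here is a small Python audit that walks a package-lock.json and a pip requirements file, flags any release that appears on a blocklist of known-compromised versions, and flags anything that is not pinned with an integrity hash. The package names and versions in the blocklist and in the sample inputs are constructed placeholders; the real name/version pairs should come from the advisory for the packages you depend on.

```python
"""Audit npm and pip manifests for known-bad releases and unverifiable pins.

Added illustration, not code from the article or from the dYdX project.
Names and versions in BLOCKLIST and SAMPLE_* are constructed placeholders.
"""
import json
import re
from typing import Dict, List, Set, Tuple

Dep = Tuple[str, str, str]      # (name, version, integrity or hashes)
Finding = Tuple[str, str, str]  # (severity, name@version, message)

# Constructed blocklist of compromised releases (hypothetical names/versions).
BLOCKLIST: Dict[str, Set[str]] = {
    "@example/v4-client-js": {"1.22.1"},
    "example-v4-client": {"3.4.1"},
}


def parse_package_lock(text: str) -> List[Dep]:
    """Installed packages from a lockfileVersion 2/3 package-lock.json.

    Keys look like 'node_modules/@scope/pkg' or, for nested copies,
    'node_modules/a/node_modules/b'; the package name is whatever follows
    the last 'node_modules/'. The empty key is the root project itself.
    """
    deps: List[Dep] = []
    for path, meta in json.loads(text).get("packages", {}).items():
        if not path:
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        deps.append((name, meta.get("version", ""), meta.get("integrity", "")))
    return deps


_PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#\\]+)")
_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*")


def _normalize(name: str) -> str:
    """PEP 503 normalization so 'Foo_Bar' and 'foo-bar' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> List[Dep]:
    """Pins from a pip requirements file; only exact '==' pins count as pinned.

    Backslash continuations are joined first so '--hash=' options on later
    lines stay attached to their package. Ranges, bare names and URLs are
    reported with an empty version so the audit flags them as unpinned.
    """
    deps: List[Dep] = []
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        pin = _PIN_RE.match(line)
        if pin is None:
            bare = _NAME_RE.match(line)
            deps.append((_normalize(bare.group(0)) if bare else line, "", ""))
            continue
        hashes = " ".join(re.findall(r"--hash=(\S+)", line))
        deps.append((_normalize(pin.group(1)), pin.group(2), hashes))
    return deps


def audit(deps: List[Dep], blocklist: Dict[str, Set[str]]) -> List[Finding]:
    """Flag blocklisted releases, unpinned entries, and entries with no hash."""
    findings: List[Finding] = []
    for name, version, integrity in deps:
        ref = f"{name}@{version or '?'}"
        if version in blocklist.get(name, set()):
            findings.append(("CRITICAL", ref, "version is on the compromised-release blocklist"))
        if not version:
            findings.append(("HIGH", ref, "not pinned to an exact version"))
        elif not integrity:
            findings.append(("MEDIUM", ref, "no integrity hash; a swapped artifact would go unnoticed"))
    return findings


# Constructed samples: a blocklisted top-level dependency, a dependency with no
# integrity field, a clean nested copy, a hashed pin on a blocklisted version,
# and an unpinned range.
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "trading-bot", "lockfileVersion": 3,
    "packages": {
        "": {"name": "trading-bot", "version": "0.1.0"},
        "node_modules/@example/v4-client-js": {"version": "1.22.1", "integrity": "sha512-AAAA"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/left-pad/node_modules/@example/v4-client-js": {"version": "1.20.0", "integrity": "sha512-BBBB"},
    },
})
SAMPLE_REQUIREMENTS = """\
example-v4-client==3.4.1 \\
    --hash=sha256:0123abcd
requests>=2.0
"""


def run_audit() -> List[Finding]:
    deps = parse_package_lock(SAMPLE_PACKAGE_LOCK) + parse_requirements(SAMPLE_REQUIREMENTS)
    return audit(deps, BLOCKLIST)


if __name__ == "__main__":
    for severity, ref, message in run_audit():
        print(f"{severity:8} {ref}: {message}")
```

Point it at your real lockfiles and the blocklist from the advisory. Nested copies under node_modules/*/node_modules are walked too, which matters here: a transitive dependency can drag in a bad release even when your own direct pin is clean, and that copy still runs with your credentials.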

EDR Evasion Gets a Forensic Tool Makeover

Here’s an interesting twist on the ongoing cat-and-mouse game between attackers and endpoint protection. Security researchers found that attackers are weaponizing the EnCase forensic tool driver to bypass EDR solutions.

The kicker? The driver's signing certificate expired years ago, yet Windows still loads it. That is how driver signing works: a signature that was valid when it was made stays valid after the certificate expires, so nothing in the load path turns away an old but legitimately signed driver unless it has been explicitly blocked. It's yet another reminder that the whole concept of a "trusted" driver needs some serious rethinking.

This falls into the broader category of "living off the land" attacks, where legitimate tools get repurposed for malicious activity; the driver-specific flavor is usually called BYOVD (bring your own vulnerable driver). For those of us managing endpoint security, it's worth reviewing which drivers are actually necessary in your environment and tightening what is allowed to load: make sure Microsoft's vulnerable driver blocklist is enabled (HVCI enforces it), and where you can, move to a WDAC policy that allow-lists the drivers you need instead of trusting any valid signature.

Dark Web Admin Gets 30-Year Sentence

In a bit of good news for law enforcement, the admin of Incognito Market was sentenced to 30 years for running what prosecutors called a $105 million dark web drug empire.

What’s fascinating about this case is the operational security failure that led to his capture. Despite promising users “the best security there is,” the admin made critical mistakes that ultimately guaranteed his conviction. The irony gets even thicker when you learn he was apparently providing cryptocurrency training to law enforcement while simultaneously running his illegal marketplace.

This case serves as a reminder that even sophisticated threat actors make mistakes, and those mistakes often come from overconfidence or poor operational security practices. It’s also worth noting how cryptocurrency tracing capabilities continue to improve, making it harder for criminals to truly anonymize their financial activities.

Other Notable Mentions

SecurityWeek rounded up several other stories worth keeping an eye on, including record-breaking DDoS attacks, vulnerabilities in ESET products, and arrests related to DDoS operations. They also mentioned ongoing responses from AT&T and Verizon regarding the Salt Typhoon campaign, which continues to be a significant concern for telecommunications infrastructure security.

The Bigger Picture

What strikes me about this week’s news is how it illustrates the expanding definition of what we consider “security issues.” We’ve got traditional supply chain attacks, driver-based EDR evasion, regulatory action on user manipulation, and law enforcement victories against dark web operations. Our field continues to evolve beyond just technical vulnerabilities to encompass broader questions about digital safety and harmful design patterns.

For those of us in the trenches, it’s a reminder to keep our dependency management tight, stay current on driver security policies, and remember that security isn’t just about preventing unauthorized access - it’s increasingly about protecting users from a much broader range of digital harms.
