Owing to its lucrative nature and large-scale adoption, online advertising has been a target for malicious actors. In one such instance, a Lithuanian ad website fell victim to a data breach, impacting thousands. In what happens to be one of the largest NFT hacks this year, attackers made a huge profit. In other news, threat actors are selling password-cracking software to target ICS. Read along for more news from the weekend.

1. A cyberattack against Lithuanian ad website alio[.]lt, allegedly by Russian hackers, might have exposed the data of 345,000 customers. However, the portal did not store any sensitive data.

2. Threat actors compromised the official website of Premint NFT and stole 314 NFTs, amounting to approximately $375,000. The attack has six primary EOAs associated with it, among which two wallets contain Bored Ape Yacht Club, Otherside, Oddities, and goblintown.wtf NFTs.

3. The Albanian National Agency for the Information Society (AKSHI) was forced to shut down official government websites, including the websites of the Prime Minister’s Office and the Parliament, following a synchronized cyberattack.

4. The Narragansett Bay Commission, Rhode Island’s sewer-system operator, suffered a ransomware attack on its computer systems. Investigation continues.

5. A large-scale campaign was found targeting Elastix VoIP telephony servers with over 500,000 malware samples, over a period of three months.

6. Checkmarx warned against a new supply-chain attack that involves spoofing metadata commits to deceive GitHub developers into using malicious code.

7. Several accounts on social media websites were found promoting Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project file password cracking software to deploy the Sality malware.

8. British jeweler Graff paid a ransom of $7.5 million, following the Conti ransomware attack in September 2021. The group had published 69,000 confidential files related to 11,000 of Graff's clients.

9. Since the Data Safety section was launched on the Play Store, Google is to remove app permissions list from both the web and mobile app, giving users the chance to check all required permissions by an app.

10. Crosslake Technologies, a data-driven technology advisory service provider, acquired cybersecurity advisory company VantagePoint. The terms of the deal are undisclosed.