A new phishing campaign, dubbed PoisonSeed, is targeting customer relationship management (CRM) platforms such as Mailchimp, SendGrid, and HubSpot to steal cryptocurrency wallets. The attackers send mass spam containing fake seed phrases to lure victims into providing sensitive information. Once they gain access, they create API keys that allow long-term control over the compromised accounts, even if the original passwords are reset. The campaign also uses stolen email credentials to disseminate these fraudulent seed phrases, further endangering users' crypto assets.
Additionally, a separate malware campaign involving the Neptune Remote Access Trojan (RAT) is spreading through platforms like GitHub, Telegram, and YouTube, posing a threat to Windows PCs and potentially stealing cryptocurrencies. Over 4,600 users were affected by this malware from January to March 2025, with a significant portion of victims being Russian speakers. The attack chain employs various methods, including fake URLs and Google Ads, to enhance its reach.
A new version of Neptune RAT is spreading rapidly across many platforms, most notably GitHub, Telegram, and YouTube, according to @cyfirma researchers. #cybersecurity #infosec #ITsecurity https://t.co/KgyNL6wNGa
Beware of "Neptune RAT", a dangerous Windows malware with multiple, devastating capabilities 👇https://t.co/gKapnwh1al
Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings: https://t.co/DVdbLR6GKw by The Hacker News #infosec #cybersecurity #technology #news