ThreatsDay Roundup: $290M DeFi Heist, macOS LotL Abuse, ProxySmart SIM Farms
Original source: ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories (The Hacker News)
The latest ThreatsDay bulletin spans a wide threat surface in a single news cycle. A $290M DeFi exploit dominates the financial-crime beat, underscoring that on-chain protocols remain the highest-value targets for skilled adversaries who can chain logic flaws into instant, irreversible payouts. Alongside it, a fresh wave of macOS living-off-the-land tradecraft shows attackers continuing to lean on signed Apple binaries and built-in tooling to bypass endpoint controls that still over-index on Windows telemetry.
The ProxySmart SIM farm operation rounds out the headline trio, highlighting the industrial scale of consumer-mobile abuse: thousands of physical SIMs orchestrated to launder traffic, defeat SMS-based identity checks, and rent residential reputation to whoever pays. Combined with 25 additional stories in the bulletin, the overall picture is one of attacker specialization — DeFi crews, macOS toolers, and SIM-farm operators are now distinct, mature subcultures rather than overlapping generalists.
For defenders, the implication is that single-discipline coverage no longer suffices. Threat models that treat crypto, endpoint, and telecom abuse as separate problem spaces miss the reality that the same compromised identities, infrastructure, and laundering rails increasingly feed all three.
This is an AI-generated summary. Read the original for the full story.