A Chinese-linked threat actor has been tied to a third large-scale malicious browser extension campaign that has compromised data from millions of users across major web browsers, according to new findings by cybersecurity firm Koi Security. The latest campaign,…
IT Security News Hourly Summary 2026-01-01 18h : 2 posts
2 posts were published in the last hour 17:2 : Trust Wallet confirms second Shai-Hulud supply-chain attack, $8.5M in crypto stolen 17:2 : ThreatsDay Bulletin: GhostAd Drain, macOS Attacks, Proxy Botnets, Cloud Exploits, and 12+ Stories
Trust Wallet confirms second Shai-Hulud supply-chain attack, $8.5M in crypto stolen
Trust Wallet says a second Shai-Hulud supply-chain attack likely compromised its Chrome extension, leading to the theft of about $8.5M in crypto. Trust Wallet linked a second Shai-Hulud supply-chain attack to its Chrome extension hack, which resulted in the theft…
ThreatsDay Bulletin: GhostAd Drain, macOS Attacks, Proxy Botnets, Cloud Exploits, and 12+ Stories
The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic — new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions. They…
Top 10 High-Risk Vulnerabilities Of 2025 that Exploited in the Wild
The cybersecurity landscape in 2025 has been marked by an unprecedented surge in critical vulnerabilities, with over 21,500 CVEs disclosed in the first half of the year alone, representing a 16-18% increase compared to 2024. Among these, a select group…
Best of 2025: CVE-2025-29927 – Understanding the Next.js Middleware Vulnerability
When security vulnerabilities appear in popular frameworks, they can affect thousands of websites overnight. That’s exactly what’s happening with a newly discovered vulnerability in Next.js – one of the most… The post CVE-2025-29927 – Understanding the Next.js Middleware Vulnerability appeared…
React2Shell under attack: RondoDox Botnet spreads miners and malware
RondoDox botnet exploits the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. CloudSEK researchers warn that the RondoDox botnet is exploiting the critical React2Shell flaw (CVE-2025-55182) to drop malware and cryptominers on vulnerable Next.js servers. “CloudSEK’s report…
Why the Leak of 16 Billion Passwords Remains a Live Cybersecurity Threat in 2025
As the year 2025 comes to an end people are still talking about a problem with cybersecurity. This problem is really big. It is still causing trouble. A lot of passwords and login credentials were exposed. We are talking…
Trust Wallet Chrome Extension Hack Costs $8.5 Million Theft
Chrome extension compromise resulted in millions of theft Trust Wallet recently disclosed that the Sha1-Hulur supply chain attack last year in November might be responsible for the compromise of its Google Chrome extension, causing $8.5 million assets theft. About the…
Best of 2025: Google Gemini AI Flaw Could Lead to Gmail Compromise, Phishing
Researchers discovered a security flaw in Google’s Gemini AI chatbot that could put the 2 billion Gmail users in danger of being victims of an indirect prompt injection attack, which could lead to credentials being stolen or phishing attacks. The…
IT Security News Hourly Summary 2026-01-01 15h : 1 posts
1 posts were published in the last hour 14:2 : TikTok US Deal: ByteDance Sells Majority Stake Amid Security Fears
TikTok US Deal: ByteDance Sells Majority Stake Amid Security Fears
TikTok’s Chinese parent company, ByteDance, has finalized a landmark deal with US investors to restructure its operations in America, aiming to address longstanding national security concerns and regulatory pressures. The agreement, signed in late December 2025, will see a…
A Happy, Prosperous & Safe New Year 2026 Wish To You And Yours
via Photographer Marjory Collins in New York City, NY, USA, January 1943. Blowing Horns on Bleeker Street, New Year’s Day Permalink The post A Happy, Prosperous & Safe New Year 2026 Wish To You And Yours appeared first on Security…
IT Security News Hourly Summary 2026-01-01 12h : 2 posts
2 posts were published in the last hour 10:31 : Two U.S. CyberSecurity Pros Plead Guilty for Working as ALPHV/BlackCat Affiliates 10:31 : WhatsApp Crypt Tool to Encrypt and Decrypt WhatsApp Backups
Two U.S. CyberSecurity Pros Plead Guilty for Working as ALPHV/BlackCat Affiliates
A federal court in the Southern District of Florida has accepted guilty pleas from two cybersecurity professionals who used their expertise to conduct ransomware attacks rather than stop them. Ryan Goldberg, 40, from Georgia, and Kevin Martin, 36, from Texas,…
WhatsApp Crypt Tool to Encrypt and Decrypt WhatsApp Backups
An open-source solution for handling encrypted WhatsApp backups. The wa-crypt-tools suite, hosted on GitHub, decrypts and encrypts .crypt12, .crypt14, and .crypt15 files from WhatsApp and WhatsApp Business, provided users supply the required key file or 64-character key. wa-crypt-tools simplifies access…
RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers
Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox. As of December 2025, the activity has been observed leveraging…
Bitcoin’s Security Assumptions Challenged by Quantum Advancements
While the debate surrounding Bitcoin’s security architecture has entered a familiar yet new phase, theoretical risks associated with quantum computing have emerged in digital forums and investor circles as a result of the ongoing debate. Although quantum machines may not…
Unleash Protocol Suffers $3.9M Crypto Loss After Unauthorized Smart Contract Upgrade
Decentralized intellectual property platform Unleash Protocol has reported a loss of approximately $3.9 million in digital assets following an unauthorized upgrade to its smart contracts that enabled illicit withdrawals. The Unleash team stated that the attacker managed to gain…
Infosecurity’s Top 10 Cybersecurity Stories of 2025
Explore Infosecurity Magazine’s most-read cybersecurity stories of 2025, from major vendor shake-ups and zero-day exploits to AI-driven threats and supply chain attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Infosecurity’s Top 10 Cybersecurity Stories of 2025
Unleash Protocol hackers drain millions, DarkSpectre campaigns exposed, Shai-Hulud attack led Trust Wallet heist
Hackers drain millions from Unleash Protocol DarkSpectre campaigns exposed Shai-Hulud attack led Trust Wallet heist Huge thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly…
Granular attribute-based access control for context window injections
Learn how granular attribute-based access control (ABAC) prevents context window injections in AI infrastructure using quantum-resistant security and MCP. The post Granular attribute-based access control for context window injections appeared first on Security Boulevard. This article has been indexed from…
IT Security News Hourly Summary 2026-01-01 00h : 3 posts
3 posts were published in the last hour 23:2 : Hacker Claims European Space Agency Breach, Selling 200GB of Data 23:1 : IT Security News Weekly Summary January 22:55 : IT Security News Daily Summary 2025-12-31
Hacker Claims European Space Agency Breach, Selling 200GB of Data
A hacker using the alias 888 is claiming responsibility for a major data breach affecting the European Space… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: Hacker Claims European…