Breaking News – Cyber Threats (last 6h)
Generated: 2025-12-31 12:00 PST
- Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
The Hacker News • 2025-12-31 08:29 • thehackernews.com
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets.
“Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source
https://thehackernews.com/2025/12/trust-wallet-chrome-extension-hack.html - DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
The Hacker News • 2025-12-31 08:14 • thehackernews.com
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox.
The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre. In all, the
https://thehackernews.com/2025/12/darkspectre-browser-extension-campaigns.html - Hackers drain $3.9M from Unleash Protocol after multisig hijack
BleepingComputer • 2025-12-31 07:54 • www.bleepingcomputer.com
The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an unauthorized contract upgrade that allowed asset withdrawals. […]
https://www.bleepingcomputer.com/news/security/hackers-drain-39m-from-unleash-protocol-after-multisig-hijack/ - RondoDox botnet exploits React2Shell flaw to breach Next.js servers
BleepingComputer • 2025-12-31 06:58 • www.bleepingcomputer.com
The RondoDox botnet has been observed exploiting the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. […]
https://www.bleepingcomputer.com/news/security/rondodox-botnet-exploits-react2shell-flaw-to-breach-nextjs-servers/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
