Threat Research | Weekly Recap [04 Jan 2026]

Cybersecurity Threat Research ‘Weekly’ Recap: This edition highlights information stealers and browser-extension abuse, including the VVS stealer, the EmEditor supply-chain incident with a Google Drive Caching extension, and the widespread ShadyPanda extension campaign affecting millions of users. It also covers APT activity and targeted intrusions (ToneShell and the HoneyMyte kernel rootkit), Indian government-focused LNK/HTA loaders and campaigns (APT36), Lazarus and Kimsuky shared infrastructure, RondoDoX botnet evolution with React2Shell, and ongoing tooling updates from Validin.
#VVSstealer #GoogleDriveCaching #ShadyPanda #ToneShell #HoneyMyte #APT36 #Lazarus #Kimsuky #RondoDoX #React2Shell #Validin #EmEditor #avocadomechanism #potherbreference

Cybersecurity News | Daily Recap [03 Jan 2026]

Daily Recap: Covenant Health’s May breach affected nearly 478,000 patients, and ongoing cryptocurrency theft campaigns trace back to the 2022 LastPass breach. The report also highlights state-linked espionage by Transparent Tribe against Indian government targets, Finland’s arrest over suspected undersea cable sabotage, Fortinet 2FA bypass exposure, the RondoDox botnet exploiting React2Shell, Grok deepfake scrutiny, and service disruptions in France. #CovenantHealth #LastPass

Cybersecurity News | Daily Recap [03 Jan 2026]

Daily Recap: Threat actors and campaigns continue to target cryptocurrency wallets and cloud services, with Trust Wallet theft linked to a Shai-Hulud NPM supply-chain attack and a new GlassWorm wave trojanizing wallets on macOS. Another notable round-up highlights phishing via Google Cloud email, unpatched Adobe ColdFusion server campaigns, Covenant Health’s data breach affecting 478,000 people, and ongoing ThreatsDay Bulletin coverage of GhostAd Drain, macOS attacks, proxy botnets, and cloud exploits. #ShaiHulud #GlassWorm #TrustWallet #macOS #GoogleCloud #AdobeColdFusion #CovenantHealth #GhostAdDrain #ThreatsDayBulletin

Cybersecurity News | Daily Recap [03 Jan 2026]

Daily Recap: The Shai-Hulud supply-chain attack on a Trust Wallet Chrome extension drained $8.5 million and spawned worm variants testing payloads on npm, while attackers drained $3.9 million from Unleash Protocol after hijacking a multisig wallet. Other major items include the RondoDox botnet exploiting the React2Shell flaw to breach IoT devices and Next.js deployments, the DarkSpectre campaign affecting about 8.8 million users, IBM’s API Connect vulnerability enabling remote authentication bypass, HoneyMyte’s rootkit infiltrating Asian governments, Finland’s seizure of a ship suspected of damaging a subsea cable in the Baltic Sea, and NYC banning Flipper Zero and Raspberry Pi devices at the mayoral inauguration. #ShaiHulud #DarkSpectre

Cybersecurity News | Daily Recap [03 Jan 2026]

Daily Recap: Critical patch notices cover IBM API Connect, where an authentication bypass could expose protected services, and a critical SmarterMail flaw (CVE-2025-52691) enabling unauthenticated RCE on vulnerable servers; CISA has also ordered patches for the MongoBleed flaw after observed intrusions affecting Oracle EBS deployments, including Korean Air and the University of Phoenix. The European Space Agency confirmed a breach of external servers, Disney agreed to pay $10 million to settle child data privacy claims related to YouTube content, two ALPHV/BlackCat ransomware operators pleaded guilty, and new info-stealers and malvertising campaigns—ErrTraffic, Lumma, Vidar, Cerberus, and Zoom Stealer—illustrate ongoing threat activity, alongside Intellexa Predator sanctions being reversed. #IBMAPIConnect #CVE2025_52691 #MongoBleed #OracleEBS #KoreanAir #UniversityofPhoenix #EuropeanSpaceAgency #Disney #ALPHV #BlackCat #ErrTraffic #Lumma #Vidar #Cerberus #ZoomStealer #Intellexa #Predator

Cybersecurity News | Daily Recap [03 Jan 2026]

Daily Recap: Mustang Panda and allied state-backed actors used a signed kernel-mode rootkit to load and hide the ToneShell backdoor, while DNS-poisoning campaigns installed the MgBot backdoor. The roundup also highlights MongoBleed exploitation affecting the US and Australia; major breaches at Coupang and Sax and of Korean Air supplier data; regulatory fines on NexPublica; MarquisSoftware and Gentlemen ransomware incidents; ValleyRAT phishing infrastructure; KMSAuto campaigns; the Trust Wallet theft; and AI/security developments such as Copilot GPT-5.2 in SOC workflows. #MustangPanda #ToneShell #MgBot #MongoBleed #Coupang #Sax #KoreanAir #CNIL #NEXPUBLICA #MarquisSoftware #GentlemenRansomware #ValleyRAT #KMSAuto #TrustWallet

Cybersecurity News | Daily Recap [03 Jan 2026]

Daily Recap: In crypto and scams, Trust Wallet’s browser extension was compromised to inject malicious code, prompting a $7 million theft, while fake GrubHub emails urged recipients to send cryptocurrency for a tenfold return. In nation-state and security updates, the China-linked Panda group deployed DNS poisoning to install the MgBot backdoor, La Poste faced a claimed attack by pro-Russian actors, Net-SNMP’s CVE-2025-68615 requires urgent patching, ParrotOS 7 debuts with KDE Plasma 6, and authorities in Georgia arrested a former spy chief over scam centers. #TrustWallet #GrubHub #Panda #MgBot #LaPoste #NetSNMP #CVE-2025-68615 #ParrotOS7 #Georgia

Cybersecurity News | Daily Recap [03 Jan 2026]

Daily Recap: A critical LangChain Core deserialization vulnerability can expose secrets via serialization injection, risking credential and token leakage across affected deployments. The roundup also highlights ongoing security events—from a FortiOS SSL VPN 2FA bypass and active Docker attacks to the Trust Wallet extension hack and Webrat distribution—along with AI security research by NIST and MITRE, the LastPass breach link, and Uzbekistan’s plate surveillance concerns. #LangChain #FortiOS #Docker #TrustWallet #Webrat #LastPass #Uzbekistan #NIST #MITRE

Cybersecurity News | Daily Recap [03 Jan 2026]

Daily Recap: Cybersecurity incidents this week spanned outages in France affecting La Poste and banking services, a ransomware incident in Romania affecting around 1,000 systems, and a disruptive attack on Kuaishou that disrupted livestreaming and hit the company’s stock price. The roundup also flags backdoor activity such as the Nezha Trojan, WebRAT distribution via fake GitHub repos, credential-stealing Chrome extensions and a large npm package, plus major enforcement actions, data breaches, a critical n8n flaw, and policy shifts from Microsoft, ServiceNow, the FCC, Japan, and Italy. #LaPoste #Kuaishou #NezhaTrojan #WebRAT #ChromeExtensions #NPMStealer #Frogblight #INTERPOL #FraudDomainSeizure #FakeIDDomains #Nissan #ShinhanCard #UniversityOfPhoenix #n8n #Teams #Armis #FCCDroneBan #JapanStrategy #AppleFine #PasswdWalkthrough #ServiceNowDeal

Cybersecurity News | Daily Recap [03 Jan 2026]

Daily Recap: Global cybersecurity incidents disrupted services from banking and postal providers to critical infrastructure, with law enforcement actions and incident responses spanning multiple regions. Highlights include the La Poste DDoS disruption, a guilty plea in the Nefilim ransomware case, BitLocker ransomware affecting Romania’s water agency, and BRICKSTORM backdoor guidance from CISA. #LaPoste #Nefilim

Cybersecurity News | Daily Recap [03 Jan 2026]

Daily Recap: WatchGuard reports a zero-day RCE exploited in the wild affecting over 115,000 Firebox devices, alongside a Somalia e-visa data exposure and Docker releasing hardened open-source images to bolster container security. RansomHouse upgrades its encryption with multi-layered data processing while Nefilim affiliates are implicated, an Android malware campaign combines droppers, SMS theft and RATs, and the U.S. DOJ charges 54 people in an ATM jackpotting scheme using Ploutus, with North Korea-linked groups Lazarus, Kimsuky, Bluenoroff and BlueDelta resurfacing and Infy reappearing on the scene. #Firebox #WatchGuard #Somalia #Docker #RansomHouse #Nefilim #Android #Ploutus #Lazarus #Kimsuky #BlueDelta #Bluenoroff #Infy #NorthKorea

Threat Research | Weekly Recap [04 Jan 2026]

Cybersecurity Threat Research ‘Weekly’ Recap: State-aligned APTs, phishing campaigns, loader developments, and ransomware trends continue to reshape threats across government and enterprise targets. Key highlights span SideWinder and Cloud Atlas espionage, LongNosedGoblin, Ink Dragon, ForumTroll, APT35 leak, Phantom Enigma, DPRK campaigns, supply-chain and OSS tampering, OAuth device-code phishing, NexusRoute Android phishing, and ransomware trends including RansomHouse and Gentlemen.
#SideWinder #RansomHouse

Cybersecurity News | Daily Recap [03 Jan 2026]

Daily Recap: China-aligned APT groups abused Windows Group Policy to deploy espionage malware against governments in Southeast Asia and Japan. Other highlights include Russia accused by Denmark of destructive attacks amid Europe’s hybrid threats and North Korea-linked cybercrime with more than $3.4 billion stolen in crypto, alongside widespread vulnerability disclosures and credential-theft campaigns. #ChinaAPT #NKSurge

Cybersecurity News | Daily Recap [03 Jan 2026]

Daily Recap: Major breaches impacted 27,000 University of Sydney records and about 113,000 VA patients, while UK NHS-linked providers and other government intrusions highlighted a broad cross-sector threat landscape. The roundup also notes ransomware takedowns like E-Note, critical exploits from WatchGuard and Cisco AsyncOS, and campaigns such as Kimsuky’s DocSwap Android malware and North Korea-linked crypto theft, plus policy and industry responses shaping defenses. #Kimsuky #DocSwap #NKCryptoTheft #ENote #WatchGuard #CiscoAsyncOS
