Cybersecurity News | Daily Recap [01 Jan 2026]

Daily Recap: The Shai-Hulud supply-chain attack on a Trust Wallet Chrome extension drained $8.5 million and spawned worm variants testing payloads on npm, while attackers drained $3.9 million from Unleash Protocol after hijacking a multisig wallet. Other major items include the RondoDox botnet exploiting the React2Shell flaw to breach IoT devices and Next.js deployments, the DarkSpectre campaign affecting about 8.8 million users, IBM’s API Connect vulnerability enabling remote authentication bypass, HoneyMyte’s rootkit infiltrating Asian governments, Finland’s seizure of a ship suspected of damaging a subsea cable in the Baltic Sea, and NYC banning Flipper Zero and Raspberry Pi devices at the mayoral inauguration. #ShaiHulud #DarkSpectre

Crypto Thefts

Botnets & Exploits

  • The RondoDox botnet exploited the React2Shell flaw to hijack IoT devices and web servers and to breach Next.js deployments – RondoDox Exploit, RondoDox Next.js

Browsers & Extensions

  • The DarkSpectre malicious browser‑extension campaign affected roughly 8.8 million users worldwide – DarkSpectre Campaign
  • Tips and features for faster browsing using the lightweight Adapt Browser aimed at improving productivity – Adapt Browser

Vulnerabilities

  • IBM warned of a critical API Connect bug that allows a remote authentication bypass – IBM API Bug

Nation-state Attacks

  • “The Ghost in the Kernel” details how HoneyMyte weaponized a rootkit to infiltrate and hijack multiple Asian governments – HoneyMyte Rootkit

Critical Infrastructure

  • Finland seized a ship suspected of damaging a subsea cable in the Baltic Sea after investigations into undersea infrastructure damage – Subsea Cable

Event Security

  • The NYC mayoral inauguration banned Flipper Zero and Raspberry Pi devices from the venue to mitigate on‑site hacking risks – NYC Device Ban

Cybersecurity News | Daily Recap – hendryadrian.com