Cybersecurity News | Daily Recap [26 Dec 2025]

hendryadrian.com

hendryadrian.com

Vulnerabilities & Exploits

• A critical deserialization injection in LangChain Core can expose secrets via serialization injection, risking credential and token leakage – LangChain Flaw
• Fortinet warns of active exploitation of a FortiOS SSL VPN 2FA bypass that allows remote attackers to circumvent multi‑factor protections – FortiOS Bypass
• ThreatsDay roundup highlights active Docker attacks, stealth loaders and other emerging exploitation trends across the threat landscape – ThreatsDay Bulletin

Malware & Supply-chain

• A compromised Trust Wallet Chrome extension was tied to millions in cryptocurrency losses after malicious updates hijacked user funds – Trust Wallet
• The Webrat malware, disguised as exploit code and accompanied by stealth loaders, is being distributed via GitHub repos and other supply‑chain channels – Webrat Spread, ThreatsDay Bulletin

AI & Research

• NIST and MITRE announced a $20 million research effort to improve AI cybersecurity, focusing on defenses and adversarial resilience – AI Research
• ThreatsDay flags exploitable flaws in AI chatbots that can be abused to bypass safeguards and leak sensitive information – ThreatsDay Bulletin

Data Breaches & Crypto Theft

• TRM Labs links the LastPass 2022 breach to years‑long cryptocurrency thefts, showing stolen secrets enabled ongoing fund drains – LastPass Theft

Surveillance & Privacy

• A deep dive into Uzbekistan’s nationwide license‑plate surveillance system reveals centralized tracking of plate data and major privacy concerns – Uzbekistan Plates

Cybersecurity News | Daily Recap – hendryadrian.com