Menu

25 Latest Articles Current Articles | Archives | Search
01

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

Master Code Fu posted on January 01, 2026 10:28
Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox. As of December 2025, the activity has been observed leveraging the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) flaw as an initial access vector, CloudSEK said in an

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
01

Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack

Master Code Fu posted on January 01, 2026 10:28
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
01

DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide

Master Code Fu posted on January 01, 2026 10:28
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre. In all, the

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
01

Critical CVSS 9.8 Flaw Found in IBM API Connect Authentication System

Master Code Fu posted on January 01, 2026 10:28
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. "IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
01

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

Master Code Fu posted on January 01, 2026 10:28
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is "@vietmoney/react-big-calendar," which was uploaded to npm back in March 2021 by a user named "hoquocdat." It was updated for the first time on

[Read the rest of this article...]

Posted in: Security News
Actions: E-mail | Permalink | Comments (0) RSS comment feed
Page 1 of 10First   Previous   [1]  2  3  4  5  6  7  8  9  10  Next   Last