Cyber News & Articles

Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets.
“Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source

Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets.
“Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox.
The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre. In all, the

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox.
The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre. In all, the

IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.
The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw.
“IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain

IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.
The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw.
“IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain

IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.
The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw.
“IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain

IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.
The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw.
“IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator, from the specially designated nationals list.
The names of the individuals are as follows –

Merom Harpaz
Andrea Nicola Constantino Hermes Gambazzi
Sara Aleksandra Fayssal Hamou

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator, from the specially designated nationals list.
The names of the individuals are as follows –

Merom Harpaz
Andrea Nicola Constantino Hermes Gambazzi
Sara Aleksandra Fayssal Hamou