Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.
-
VSCode fork extension attack: hijacked recommendations
AI-powered VSCode forks still recommend extensions missing in OpenVSX, letting attackers hijack namespaces and ship malware—here’s how to lock it down.
·
·
3–5 minutes -
Unleash Protocol multisig hijack: $3.9M drained fast
Attackers seized Unleash Protocol multisig control, pushed an unauthorized upgrade, drained $3.9M in WIP, USDC, and WETH, and laundered funds via Tornado Cash—here’s how to harden governance.
·
·
6–9 minutes -
Shai-Hulud Supply Chain Attack: How npm Tokens Became Million-Dollar Keys
Shai-Hulud demonstrates how compromised npm tokens became a self-replicating worm affecting hundreds of packages, exposing 400,000 developer secrets and enabling the $8.5 million Trust Wallet crypto theft.
·
·
4–7 minutes -
Resecurity honeypot trap sparks breach debate
Resecurity says the breach claims against it touched only a synthetic-data honeypot, while the attackers insist they stole real records. We break down how the decoy was built, what telemetry…
·
·
5–7 minutes -
LastPass Breach Leads to Ongoing Crypto Theft
TRM Labs blockchain investigation links $35+ million in cryptocurrency thefts to the 2022 LastPass breach. Attackers crack master passwords offline, extract private keys, drain wallets via CoinJoin mixing, and launder…
·
·
7–10 minutes -
Defense Sanctions Target US Firms Over Taiwan Arms
China imposed defense sanctions on 20 U.S. companies and 10 executives after Washington approved over $10 billion in Taiwan arms sales. Beijing froze assets and banned business transactions.
·
·
4–7 minutes -
Honeypot Defense Turns Breach Claim Into Intelligence
Threat actors claimed breaching Resecurity. The firm responded with deception: attackers accessed a honeypot trap containing fake data. Resecurity’s defense turned an attack into intelligence collection.
·
·
6–9 minutes -
Finnish Authorities Detain Crew and Seize Vessel After Undersea Cable Severed: Aggravated Sabotage Probe Uncovers Sanctioned Cargo
Finnish authorities detained 14 crew aboard the Fitburg cargo ship after a critical undersea cable linking Helsinki to Estonia was severed on New Year’s Eve. Two crew members—Russian and Azerbaijani…
·
·
9–14 minutes -
Trust Wallet Browser Extension Poisoned via Shai-Hulud NPM Attack, $8.5M in Crypto Drained from 2,596 Users
Attackers exploited the Shai-Hulud NPM supply chain attack to leak Trust Wallet developer GitHub secrets, including the Chrome Web Store API key. Using this key, they uploaded a malicious version…
·
·
7–10 minutes -
European Space Agency Data Breach Exposes 200GB of Infrastructure and Source Code
A hacker claiming the alias 888 alleges a breach of the European Space Agency on December 18, 2025, claiming theft of 200GB of internal data including private repositories, project management…
·
·
6–9 minutes
