Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.
-

VSCode fork extension attack: hijacked recommendations
AI-powered VSCode forks still recommend extensions missing in OpenVSX, letting attackers hijack namespaces and ship malware—here’s how to lock it down.
-

Unleash Protocol multisig hijack: $3.9M drained fast
Attackers seized Unleash Protocol multisig control, pushed an unauthorized upgrade, drained $3.9M in WIP, USDC, and WETH, and laundered funds via Tornado Cash—here’s how to harden governance.
-

Shai-Hulud Supply Chain Attack: How npm Tokens Became Million-Dollar Keys
Shai-Hulud demonstrates how compromised npm tokens became a self-replicating worm affecting hundreds of packages, exposing 400,000 developer secrets and enabling the $8.5 million Trust Wallet crypto theft.
-

Resecurity honeypot trap sparks breach debate
Resecurity says the breach claims against it touched only a synthetic-data honeypot, while the attackers insist they stole real records. We break down how the decoy was built, what telemetry it produced, and the controls you need to run deception without creating new risk.
-

LastPass Breach Leads to Ongoing Crypto Theft
TRM Labs blockchain investigation links $35+ million in cryptocurrency thefts to the 2022 LastPass breach. Attackers crack master passwords offline, extract private keys, drain wallets via CoinJoin mixing, and launder funds through Russian exchanges.
-

Defense Sanctions Target US Firms Over Taiwan Arms
China imposed defense sanctions on 20 U.S. companies and 10 executives after Washington approved over $10 billion in Taiwan arms sales. Beijing froze assets and banned business transactions.
-

Honeypot Defense Turns Breach Claim Into Intelligence
Threat actors claimed to have breached Resecurity. The firm responded with deception: attackers accessed a honeypot trap containing fake data. Resecurity’s defense turned an attack into intelligence collection.
-

Finnish Authorities Detain Crew and Seize Vessel After Undersea Cable Severed: Aggravated Sabotage Probe Uncovers Sanctioned Cargo
Finnish authorities detained 14 crew aboard the Fitburg cargo ship after a critical undersea cable linking Helsinki to Estonia was severed on New Year’s Eve. Two crew members—Russian and Azerbaijani nationals—face arrest on aggravated sabotage charges, while investigators discovered sanctioned Russian steel in the vessel’s cargo. A second cable operated by Arelion also failed the…
-

Trust Wallet Browser Extension Poisoned via Shai-Hulud NPM Attack, $8.5M in Crypto Drained from 2,596 Users
Attackers exploited the Shai-Hulud NPM supply chain attack to leak Trust Wallet developer GitHub secrets, including the Chrome Web Store API key. Using this key, they uploaded a malicious version of Trust Wallet’s extension that harvested private keys and seed phrases, draining $8.5 million from 2,596 crypto wallets. The attack shows how compromised credentials eliminate…
-

European Space Agency Data Breach Exposes 200GB of Infrastructure and Source Code
A hacker using the alias 888 alleges a breach of the European Space Agency on December 18, 2025, and claims the theft of 200GB of internal data including private repositories, project management systems, CI/CD configurations, and hardcoded credentials. Screenshots allegedly show access to Security Operations Centre systems, spacecraft documentation, and partner organization technical deliverables. The breach exposes…