Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.
-
Trust Wallet Browser Extension Poisoned via Shai-Hulud NPM Attack, $8.5M in Crypto Drained from 2,596 Users
Attackers exploited the Shai-Hulud NPM supply chain attack to leak Trust Wallet developer GitHub secrets, including the Chrome Web Store API key. Using this key, they uploaded a malicious version of Trust Wallet’s extension that harvested private keys and seed phrases, draining $8.5 million from 2,596 crypto wallets. The attack shows how compromised credentials eliminate…
-
European Space Agency Data Breach Exposes 200GB of Infrastructure and Source Code
A hacker claiming the alias 888 alleges a breach of the European Space Agency on December 18, 2025, claiming theft of 200GB of internal data including private repositories, project management systems, CI/CD configurations, and hardcoded credentials. Screenshots allegedly show access to Security Operations Centre systems, spacecraft documentation, and partner organization technical deliverables. The breach exposes…
-
DarkSpectre Browser Extension Campaigns Expose 8.8 Million Users to Corporate Espionage
DarkSpectre is a Chinese threat actor operating three browser extension campaigns infecting 8.8 million users across Chrome, Edge, and Firefox. ShadyPanda (5.6M users) executes mass surveillance and affiliate fraud. GhostPoster (1.05M) delivers steganographic payloads. The Zoom Stealer (2.2M) monitors 28+ video conferencing platforms, exfiltrating meeting URLs, participant lists, speaker identities, and company data in real-time.…
-
Tokyo FM Data Breach Claims 3 Million Records Exposed
On January 1, 2026, an attacker announced access to Tokyo FM Broadcasting Co., Ltd.’s internal systems, claiming to have exfiltrated 3 million listener and employee records. The dataset reportedly includes personal identifiers (names, emails, IP addresses), behavioral data (user agents), authentication tokens, and employment information. Tokyo FM has not yet issued public confirmation or customer…
-
Roundcube CVE-2025-68461: SVG XSS Vulnerability Enables Silent Email Account Takeover Through Malicious Animate Tags
Roundcube Webmail contains a Cross-Site Scripting vulnerability (CVE-2025-68461, CVSS 7.2) that enables attackers to hijack email accounts by sending malicious SVG files. The flaw exploits improper sanitization of SVG animate tags to execute JavaScript in victim browsers, granting full account access without credentials. Security patches are available for versions 1.5.12 and 1.6.12, but deployment lags…
-
Undersea Cable Sabotage Suspected: Finland Detains Crew as NATO Infrastructure Faces Hybrid Warfare Threat
On New Year’s Eve, a cargo ship dragged an anchor across a critical undersea cable linking Finland and Estonia, severing connectivity. Finnish authorities arrested two crew members for alleged sabotage, discovering the vessel also carried sanctioned Russian steel. The incident marks a turning point in hybrid warfare tactics targeting NATO critical infrastructure, raising urgent questions…
-
RemoveWindowsAI: Complete AI Feature Removal for Windows Privacy, Control, and Defensive Hardening
RemoveWindowsAI is a PowerShell-based tool for completely removing Microsoft’s built-in AI features from Windows 11 25H2 builds—Copilot, Recall, Input Insights, and AI-powered tools in Paint and Notepad. For defenders prioritizing privacy, system control, and operational security, this tool provides comprehensive disablement across registry keys, appx packages, Component-Based Servicing stores, and scheduled tasks. It includes backup…
-
Japan’s Record Defense Budget: Strategic Pivot from Pacifism to Offensive Deterrence Against Rising Chinese Military Threat
Japan’s Cabinet approved a record 9 trillion yen ($58 billion) defense budget for fiscal 2026, marking a 9.4% increase and the fourth consecutive year of a five-year military spending expansion. This budget funds Type-12 long-range missiles, AI-integrated drone systems, and next-generation fighter development, signaling Japan’s strategic pivot from pacifism to offensive deterrence against China’s rapid…
-
Operation Absolute Resolve: U.S. Military Capture of Maduro and the Strategic Doctrine of Regime Change
Operation Absolute Resolve marks a watershed moment: the U.S. military capture of a sitting Western Hemisphere leader using Delta Force operatives, RQ-170 stealth drones, and precision strikes on air defense systems. Trump pledges direct U.S. governance of Venezuela’s economy and oil infrastructure. The operation raises critical questions about international law, regime change doctrine, and American…
-
GenWar Lab: Johns Hopkins APL’s Generative AI for Military Wargaming—Strategic Risks and the AI Validation Challenge
Johns Hopkins Applied Physics Laboratory is launching the GenWar Lab in 2026 to accelerate military wargaming using generative AI. The facility will embed LLMs into tabletop exercises to generate AI agents, translate human commands to mathematical models, and conduct AI-only scenarios. While promising faster strategic planning, GenWar raises critical questions: Can LLMs be reliably benchmarked…