**
Jan 01, 2026 **
Ravie Lakshmanan
Network Security / Vulnerability
Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things …
**
Dec 31, 2026 **
Ravie Lakshmanan
Software Security / Data Breach
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 …
**
Dec 31, 2026 **
Ravie Lakshmanan
Cybersecurity / Malware
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight …
**
Dec 31, 2026 **
Ravie Lakshmanan
API Security / Vulnerability
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the …
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster , has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users …
**
Dec 31, 2026 **
Ravie Lakshmanan
Spyware / Mobile Security
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the …
LinkedIn Job Scams Interesting article on the variety of LinkedIn job scams around the world:
In India, tech jobs are used as bait because the industry employs millions of people and offers …
**
Dec 30, 2026 **
Ravie Lakshmanan
Vulnerability / Email Security
The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools …
Using AI-Generated Images to Get Refunds Scammers are generating images of broken merchandise in order to apply for refunds.
Tags: AI , China , scams
Posted on December 30, 2025 at 7:02 AM • 0 …
The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0). …
**
Dec 30, 2026 **
Ravie Lakshmanan
Malware / Cyber Espionage
The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new …
Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is …
KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been …
**
Dec 29, 2026 **
Ravie Lakshmanan
Hacking News / Cybersecurity
Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools …
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025 , malicious Nx packages leaked …
**
Dec 29, 2026 **
Ravie Lakshmanan
Database Security / Vulnerability
A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 …
Are We Ready to Be Governed by Artificial Intelligence? Artificial Intelligence (AI) overlords are a common trope in science-fiction dystopias, but the reality looks much more prosaic. The …
Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm …
**
Dec 27, 2025 **
Ravie Lakshmanan
Database Security / Vulnerability
A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap …
**
Dec 26, 2025 **
Ravie Lakshmanan
Cryptocurrency / Incident Response
Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a …
IoT Hack Someone hacked an Italian ferry .
It looks like the malware was installed by someone on the ferry, and not remotely.
Tags: France , hacking , Internet of Things , malware
Posted on December …
Friday Squid Blogging: Squid Camouflage New research :
Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both …
A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its …
**
Dec 26, 2025 **
Ravie Lakshmanan
AI Security / DevSecOps
A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even …