Trust Wallet users had $8.5 million in crypto assets stolen in a cyberattack linked to the second wave of the Shai-Hulud npm supply chain attack. In a lengthy analysis of the attack, Trust Wallet said attackers used the Shai-Hulud attack to access Trust Wallet’s browser extension source code and Chrome Web Store API key.

“Using that access, they were able to prepare a tampered version of the extension with a backdoor designed to collect users’ sensitive wallet data [and] releasing the malicious version to the Chrome Web Store using the leaked (CWS) API key,” the crypto wallet company said.

So far Trust Wallet has identified 2,520 wallet addresses affected by the incident and drained by the attackers, totaling approximately $8.5 million in assets. The company said it “has decided to voluntarily reimburse the affected users.”

News of the successful attack comes amid reports that threat actors are actively preparing for a third wave of Shai-Hulud attacks.

Trust Wallet Shai-Hulud Attack Detailed

Trust Wallet said “an unauthorized and malicious version” of its Browser Extension (version 2.68) was published to the Chrome Web Store on December 24, “outside of our standard release process (without mandatory review). This version contained malicious code that, when loaded, allowed the attacker to access sensitive wallet data and execute transactions without authorization.”

The $8.5 million in assets were associated with 17 wallet addresses controlled by the attacker, but Trust Wallet said the attacker addresses “also drained wallet addresses NOT associated with Trust Wallet and this incident. We are actively tracking other wallet addresses that may have been impacted and will release updated numbers once we have confirmation.”

The incident affects only Trust Wallet Browser Extension version 2.68 users who opened the extension and logged in during the affected period of December 24-26. It does not affect mobile app users, users of other Browser Extension versions, or Browser Extension v2.68 users who opened and logged in after December 26 at 11:00 UTC.

“If you have received an app push via the Trust Wallet mobile app or you see a security incident banner on your Trust Wallet Browser Extension, you may still be using the compromised wallets,” the company said.

Browser Extension v2.68 users who logged into their wallets during the affected period were advised to transfer their funds from any at-risk wallets to a newly created wallet, following the company’s instructions, and to submit reimbursement claims at https://be-support.trustwallet.com.

White Hat Researchers Limited Damage with DDoS Attacks

The dramatic Trust Wallet attack was met by an equally dramatic response from white hat security researchers, who launched DDoS attacks against the attacker’s infrastructure to limit the damage, as detailed in the company’s update.

Trust Wallet’s Developer GitHub secrets were exposed in the November second-wave attack, which gave the attacker access to the browser extension source code and the CWS API key, allowing builds to be uploaded directly without Trust Wallet's internal approval and manual review.

The attacker registered the domain metrics-trustwallet.com “with the intention of hosting malicious code and embedding a reference to that code in their malicious deployment of the Trust Wallet Browser Extension,” the company said. The attacker prepared and uploaded a tampered version of the browser extension using the codebase of an earlier version that they had accessed through the exposed developer GitHub secrets.

The attacker published version 2.68 on the Chrome Web Store for review using the leaked CWS key, “and the malicious version was released automatically upon passing Chrome Web Store review approval,” Trust Wallet said.

On December 25, the first wallet-draining activity was publicly reported, when 0xAkinator and ZachXBT flagged the issues and identified the attacker's wallet addresses, and partner Hashdit and internal systems “notified us with multiple suspicious alerts.”

“White-hat researchers initiated DDoS attacks in an attempt to temporarily disable the attacker's malicious domain, api.metrics-trustwallet.com, helping to minimize further victims,” Trust Wallet said.
The company rolled back to a verified clean version (2.67, released as 2.69) and issued urgent upgrade instructions.
Poland's Ministry of Digital Affairs this week submitted a formal request to the European Commission demanding an investigation of TikTok for allegedly failing to moderate a large-scale disinformation campaign that used AI-generated content urging Poland to exit the European Union. The authorities claimed the platform violated its obligations as a Very Large Online Platform under the Digital Services Act.

Secretary of State Dariusz Standerski warned that the synthetic audiovisual materials pose threats to public order, information security, and the integrity of democratic processes in Poland and across the European Union.

Some of the videos observed feature young women advocating for "Polexit," apparently targeted at younger audiences. European analytics collective Res Futura found one such TikTok account, "Prawilne Polki," which published content showing women dressed in T-shirts bearing Polish flags and patriotic symbols.

[Image: AI-generated "Polexit" videos (Source: Res Futura X account)]

The video character said: "I want Polexit because I want freedom of choice, even if it will be more expensive. I don't remember Poland before the European Union, but I feel it was more Polish then." (machine translated)

The disclosed content published in the Polish-language segment of TikTok exhibits the characteristics of a "coordinated disinformation campaign," Standerski said, with the nature of the narratives, the distribution methods, and the use of synthetic materials indicating that TikTok failed to implement adequate mechanisms for moderating AI-generated content or to ensure effective transparency measures regarding the origin of the material.

Four-Point Action Request

Poland's formal request to Executive Vice President for Tech Sovereignty, Security and Democracy Henna Virkkunen proposes that the European Commission initiate investigative proceedings concerning suspected breaches of Digital Services Act provisions relating to systemic risk management and content moderation. The ministry demands that TikTok submit a detailed report on the scale and nature of the disclosed content, its reach, and the actions taken to remove it and prevent further dissemination.

Poland also requests that the Commission consider applying interim measures aimed at limiting the continued spread of AI-generated content encouraging Polish EU withdrawal. The fourth request asks for coordination with Poland's Digital Services Coordinator, UKE, and notification of the relevant national authorities regarding the outcome of the proceedings.

[Image: Letter sent by Secretary of State Dariusz Standerski to the EU Commission. (Source: X)]

Systemic Risk Management Failures

Available information suggests TikTok has not implemented adequate mechanisms for moderating AI-generated content, Standerski said. The platform's alleged failure to ensure effective transparency measures regarding the origins of synthetic material undermines Digital Services Act objectives concerning disinformation prevention and user protection. The scale of this phenomenon, its potential consequences for political stability, and the use of generative technologies to undermine democratic foundations require an immediate response from European Union institutions, the letter stressed.

As a Very Large Online Platform under DSA regulations, TikTok faces enhanced obligations including systemic risk assessments, independent audits, and transparency reporting. The platform must identify and mitigate risks relating to the dissemination of illegal content and negative effects on civic discourse and electoral processes.

Growing Concerns Over AI-Generated Disinformation

The Polish complaint represents one of the first formal DSA enforcement requests specifically targeting AI-generated disinformation campaigns on major social media platforms. The case highlights growing concerns among EU member states about synthetic media being weaponized to manipulate public opinion and undermine democratic institutions.
The Digital Services Act, which came into full effect in February 2024, grants the European Commission powers to investigate very large platforms and impose fines of up to 6% of global annual revenue for violations. The law requires platforms to assess and mitigate systemic risks, including manipulation of their services that affects democratic processes and public security.

TikTok has already been under scrutiny from the European Commission for violations of the Digital Services Act. In February last year, the Commission opened a formal investigation against the social media giant for DSA violations in areas linked to the protection of minors, advertising transparency, data access for researchers, and risk management of addictive design and harmful content.
The Cyber Security Agency of Singapore (CSA) has issued a high-priority alert warning organizations and system administrators about a critical security vulnerability affecting SmarterMail, an enterprise email and collaboration platform developed by SmarterTools. The flaw, tracked as CVE-2025-52691, carries the highest possible severity rating and could allow attackers to execute arbitrary code remotely without authentication.

According to CSA, the vulnerability has been assigned a Common Vulnerability Scoring System (CVSS v3.1) score of 10.0, reflecting its potential for widespread and severe impact. The issue arises from an arbitrary file upload weakness that could be exploited by unauthenticated attackers to upload files to any directory on a vulnerable mail server.

“Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution,” CSA said in its advisory.

Technical Details and Potential Attack Scenarios for CVE-2025-52691

The vulnerability identified as CVE-2025-52691 affects SmarterMail versions Build 9406 and earlier. At its core, the flaw allows arbitrary file uploads, a class of vulnerability that is especially dangerous in server-side applications: if an uploaded file lands where the application environment automatically processes it, it may be interpreted as executable code. CSA noted that this behavior could pave the way for remote code execution, particularly if an attacker uploads a script or binary that the server is capable of executing. For example, web shells or binaries placed on the server would run with the same privileges as the SmarterMail service itself.

In a hypothetical attack scenario outlined by CSA, a threat actor could leverage this weakness to establish persistent access to the mail server. From there, attackers could exfiltrate sensitive data, deploy additional malware, or use the compromised system as a foothold to move laterally within an organization’s network. The absence of any authentication requirement lowers the barrier to exploitation.
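The arbitrary-file-upload class described above, shown as a constructed Python example added here (it is not SmarterMail's code and does not reproduce the internals of CVE-2025-52691). An unsafe save routine that trusts the client-supplied filename sits beside a hardened one that allow-lists extensions, generates the stored name server-side, verifies the resolved destination stays inside the upload root, and refuses to overwrite existing files. The allow-list, the directory names and the hostile filename are assumptions made for the demonstration.

```python
"""Upload-handler hardening, constructed example (not SmarterMail code)."""
import os
import secrets
import tempfile
from pathlib import Path

# Extensions the application legitimately expects to receive (assumed policy).
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".png", ".jpg", ".eml"}


class UploadRejected(ValueError):
    """Raised by the hardened handler when an upload violates policy."""


def save_upload_unsafe(upload_root: str, client_filename: str, data: bytes) -> str:
    """Weak pattern: the client-supplied name is joined straight onto the upload root.
    Directory components in the name let the sender pick the destination directory,
    and the extension is never checked, so the sender also picks the file type."""
    dest = os.path.join(upload_root, client_filename)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


def save_upload_hardened(upload_root: str, client_filename: str, data: bytes) -> str:
    """Hardened pattern:
    1. keep only the extension of the client name, and only if it is allow-listed;
    2. generate the stored name server-side, so the client controls no part of the path;
    3. verify the resolved destination is inside the upload root (defence in depth);
    4. create with O_EXCL so an existing file is never overwritten."""
    root = Path(upload_root).resolve()
    ext = Path(os.path.basename(client_filename)).suffix.lower()  # drops any directories
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension {ext!r} not permitted")
    dest = (root / f"{secrets.token_hex(16)}{ext}").resolve()
    if root not in dest.parents:  # containment check after symlink resolution
        raise UploadRejected("destination escapes upload root")
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return str(dest)


def demo() -> dict:
    """Runs both handlers in a throwaway directory and reports what each allowed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "uploads")
        os.makedirs(root)
        # Constructed hostile name: escapes the upload directory and carries a
        # server-executable extension.
        hostile = os.path.join("..", "webroot", "page.aspx")
        real_root = os.path.realpath(root)

        unsafe_path = os.path.realpath(save_upload_unsafe(root, hostile, b"constructed"))
        unsafe_escaped = os.path.commonpath([real_root, unsafe_path]) != real_root

        try:
            save_upload_hardened(root, hostile, b"constructed")
            hardened_rejected = False
        except UploadRejected:
            hardened_rejected = True

        ok_path = save_upload_hardened(root, "report.pdf", b"%PDF-1.4 constructed")
        kept_inside = Path(ok_path).parent == Path(root).resolve()

        return {
            "unsafe_escaped_root": unsafe_escaped,
            "hardened_rejected_hostile": hardened_rejected,
            "hardened_kept_inside_root": kept_inside,
        }


if __name__ == "__main__":
    print(demo())
```

The containment check in the hardened handler is redundant once the stored name is generated server-side; it stays in as a safety net so that a later refactor that reintroduces client-derived path components is still caught at write time.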
Affected Versions and Recommended Mitigation

CSA confirmed that SmarterMail Build 9406 and earlier are vulnerable to exploitation. To mitigate the risk, SmarterTools has released security updates addressing the issue: the vulnerability was fixed in SmarterMail Build 9413, released on October 9, 2025. “Users and administrators of affected product versions are advised to update to SmarterMail version Build 9413 immediately,” CSA stated in its bulletin.

While Build 9413 resolves CVE-2025-52691, CSA further recommends upgrading to the latest available release for an improved security posture. As of the advisory, the most recent version is SmarterMail Build 9483, released on December 18, 2025. Although the agency noted that there is no indication of active exploitation in the wild, timely patching is advised to reduce exposure.

Discovery, Disclosure, and Broader Impact

CSA credited Chua Meng Han from the Centre for Strategic Infocomm Technologies (CSIT) for discovering and responsibly reporting the vulnerability. The agency also acknowledged SmarterTools Inc. for its cooperation during the coordinated disclosure and remediation process.

While CSA has not reported any confirmed in-the-wild exploitation of CVE-2025-52691, the agency made clear that unauthenticated remote code execution flaws pose a serious and immediate risk. Organizations running SmarterMail should treat this vulnerability as a high priority, apply the required updates without delay, and review their systems for signs of unauthorized file uploads or other suspicious activity.
Concerns about an economic bubble bursting, along with doubts regarding return on investment, suggest the tide may be turning for the artificial intelligence industry.
What happens to all of those always-connected devices and Internet of Things when the cloud goes down? Disruptions to sleep, school, and smart homes, just to name a few issues.
Agentic AI adoption and identity security risks, IGA expands in mid-market, SOC-identity team collaboration, and identity platform consolidation—this 2026 predictions post previews identity trends.
The April/May zero-day exploitations of Ivanti's mobile device management platform meant unprecedented pwning of thousands of orgs by a Chinese APT — and history will probably repeat itself.
Disruptions in telecommunications services were tracked to fresh damage of Baltic Sea cables, leading Finnish authorities to seize a ship suspected of sabotage.
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator, from the specially designated nationals list. The names of the individuals are as follows:
- Merom Harpaz
- Andrea Nicola Constantino Hermes Gambazzi
- Sara Aleksandra Fayssal Hamou
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. "IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month. The npm package that embeds the novel Shai Hulud strain is "@vietmoney/react-big-calendar," which was uploaded to npm back in March 2021 by a user named "hoquocdat." It was updated for the first time on
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre. In all, the