Today’s roundup
Hackers drain $3.9M from Unleash Protocol after multisig hijack
RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?
ESA disclosed a data breach, hackers breached external servers
Singapore CSA warns of maximum severity SmarterMail RCE flaw
Summary
The decentralized intellectual property platform Unleash Protocol suffered a loss of approximately $3.9 million in cryptocurrency after an unauthorized contract upgrade facilitated asset withdrawals through a multisig hijack.
The RondoDox botnet has been actively exploiting the critical React2Shell flaw (CVE-2025-55182, CVSS score 10.0) in a nine-month campaign. According to CloudSEK researchers, who detailed the campaign, the botnet targets Internet of Things (IoT) devices and Next.js web servers and infects them with malware and cryptominers.
Trust Wallet revealed that the second iteration of the Shai-Hulud supply chain attack in November 2025 was responsible for the theft of approximately $8.5 million from its Google Chrome extension. Attackers gained access to the extension's source code by exploiting exposed Developer GitHub secrets.
The threat actor known as DarkSpectre has been linked to three malicious browser extension campaigns, ShadyPanda, GhostPoster, and DarkSpectre itself, which have collectively impacted 8.8 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is attributed to a Chinese threat actor.
Retrospective analysis highlights the severe impact of zero-day exploitations against Ivanti's mobile device management platform (EPMM) in April/May, which led to the compromise of thousands of organizations by a Chinese Advanced Persistent Threat (APT) group.
The European Space Agency (ESA) confirmed a data breach after a hacker, operating under the moniker "888" on BreachForums, offered to sell 200 GB of data allegedly stolen from the organization. The compromised data included source code, API and access tokens, configuration files, credentials, and confidential documents from private Bitbucket repositories, affecting a limited number of external servers supporting unclassified scientific collaboration.
Singapore's Cyber Security Agency (CSA) has issued a warning regarding a maximum-severity remote code execution (RCE) vulnerability, CVE-2025-52691 (CVSS score 10.0), in SmarterMail email server software. The flaw allows unauthenticated attackers to upload arbitrary files, impacting versions Build 9406 and earlier, with an urgent recommendation to update to SmarterMail version Build 9413.