CyberNews: 02/01/2026 Edition

Today’s roundup

Summary

A fourth wave of the "GlassWorm" campaign is actively targeting macOS developers. Threat actors are distributing malicious VSCode/OpenVSX extensions that deliver trojanized versions of legitimate crypto wallet applications, aiming to compromise cryptocurrency assets. This campaign highlights a persistent threat vector against software development environments and user financial assets.

Cybersecurity researchers have identified a multi-stage phishing campaign that abuses Google Cloud's Application Integration service. Attackers are impersonating legitimate Google-generated messages, sending emails from a trusted Google Cloud infrastructure email address to distribute malicious content. This tactic exploits the inherent trust associated with Google's domains to bypass security filters and enhance the credibility of the phishing attempts.

Trust Wallet has confirmed a second "Shai-Hulud" supply-chain attack on its Chrome browser extension (version 2.68), resulting in the theft of approximately $8.5 million in cryptocurrency. The incident, occurring between December 24-26, 2025, involved attackers utilizing a leaked Chrome Web Store API key and exposed developer GitHub secrets to publish a tampered extension. Malicious code within the extension exfiltrated seed phrases and sensitive wallet data, disguised in telemetry, to a domain hosted by Stark Industries Solutions, a bulletproof hosting provider. Trust Wallet has since rolled back the compromised extension to a secure version (2.69), issued urgent user warnings, and initiated a reimbursement process for affected users, with further security enhancements underway and a verification tool expected in version 2.70.

Want to dig deeper?

Malware Families