Author: PulauWin

Internet Security

Trust Wallet confirms second Shai-Hulud supply-chain attack, $8.5M in crypto stolen

January 1, 2026 add comment
Trust Wallet says a second Shai-Hulud supply-chain attack likely compromised its Chrome extension, leading to the theft of about $8.5M in crypto. Trust Wallet linked a second Shai-Hulud supply-chain... Read more »
Internet Security

React2Shell under attack: RondoDox Botnet spreads miners and malware

January 1, 2026 add comment
RondoDox botnet exploits the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. CloudSEK researchers warn that the RondoDox botnet is exploiting the critical React2Shell flaw (CVE-2025-55182)... Read more »
The Hacker News

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

January 1, 2026 add comment
Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm registry to... Read more »
Security of TechRepublic

Microsoft Makes Teams ‘Secure by Default’ Starting January 2026

December 31, 2025 add comment
Microsoft will enable Teams messaging security by default in January 2026, blocking risky files and malicious links to protect against AI-driven threats. The post Microsoft Makes Teams ‘Secure by... Read more »
Security of TechRepublic

Apache StreamPipes Flaw Lets Anyone Become Admin

December 31, 2025 add comment
A critical Apache StreamPipes vulnerability lets users hijack admin accounts via broken authentication. The post Apache StreamPipes Flaw Lets Anyone Become Admin appeared first on TechRepublic. Read more »
Internet Security

ESA disclosed a data breach, hackers breached external servers

December 31, 2025 add comment
ESA confirmed a data breach after a hacker offered to sell stolen data, confirming that external science servers were compromised. The European Space Agency (ESA) disclosed a data breach... Read more »
Internet Security

Singapore CSA warns of maximun severity SmarterMail RCE flaw

December 31, 2025 add comment
Singapore’s CSA warns of CVE-2025-52691, a critical SmarterMail flaw enabling unauthenticated remote code execution via arbitrary file upload. Singapore’s Cyber Security Agency of Singapore (CSA) warns of a maximum... Read more »
Threatpost

Twitter Whistleblower Complaint: The TL;DR Version

December 31, 2025 add comment
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. Read more »
Internet Security

MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs

December 31, 2025 add comment
MongoBleed (CVE-2025-14847) lets attackers remotely leak memory from unpatched MongoDB servers using zlib compression, without authentication. A critical vulnerability, CVE-2025-14847 (MongoBleed), was disclosed right after Christmas, an unwelcome “gift”... Read more »
Help Net Security

Duplicati: Free, open-source backup client

December 31, 2025 add comment
Duplicati is an open source backup client that creates encrypted, incremental, compressed backup sets and sends them to cloud storage services or remote file servers. What the project is... Read more »
Subscribe to our Newsletter