ALL POSTS

Key Findings: The U.S. government has seized over $400 million in assets linked to the notorious darknet cryptocurrency mixer Helix. The assets include cryptocurrencies, real estate, and other monetary holdings previously owned by Helix's Ohio-based operator, Larry Dean Harmon. Helix processed an estimated 354,468 bitcoins, worth around $311 million at the time, through over 1.2 million transactions between 2014 and 2017. The service was popular among darknet drug dealers and

Arsink Spyware Posing as WhatsApp, YouTube, Instagram, TikTok Hits 143 Countries Key Findings Arsink is a dangerous Android Trojan that impersonates over 50 popular brands, including WhatsApp, YouTube, Instagram, and TikTok The malware has infected over 45,000 devices across 143 countries, with major clusters in Egypt, Indonesia, and Iraq Arsink grants hackers complete remote control, allowing them to record audio, read text messages, and wipe devices Background A massive new

Key Findings: Cybersecurity researchers have discovered a cluster of 29 malicious Google Chrome extensions that target e-commerce platforms like AliExpress, Amazon, Best Buy, Shein, Shopify, and Walmart. The extensions, including "Amazon Ads Blocker," automatically inject the developer's affiliate tags into product links, replacing existing affiliate codes from content creators. The extensions violate Chrome Web Store policies by misrepresenting their functionality, combining

Key Findings: Former Google software engineer Linwei Ding (also known as Leon Ding) was convicted by a federal jury on 7 counts of economic espionage and 7 counts of theft of trade secrets. Ding stole over 2,000 confidential documents containing Google's trade secrets related to artificial intelligence (AI) technology. The stolen information included details about Google's custom Tensor Processing Unit (TPU) chips, Graphics Processing Unit (GPU) systems, software orchestratin

Key Findings Johnson Controls' Metasys building automation system contains a critical vulnerability (CVE-2025-26385) with a CVSS score of 10. The flaw allows remote SQL injection, potentially enabling attackers to execute commands and take control of building environments. The vulnerability affects multiple Metasys components, including the Application and Data Server (ADS), Extended ADX, and various configuration tools. Successful exploitation could result in data alteration

Here is an article with concise key findings in bullet point format, with separate headers for each major point, and background information as the first point after the key findings. The headers are formatted using ## in markdown format, and the bullet points are formatted without any special formatting. Key Findings A new LLMjacking campaign named "Operation Bizarre Bazaar" was active between December 2025 and January 2026. Around 35,000 attack sessions were recorded during

Key Findings Kyverno, a popular Kubernetes-native policy engine, has released an urgent security update to address a critical vulnerability (CVE-2026-22039) with a maximum CVSS score of 10. The flaw allows any user with policy creation rights to effectively become a cluster admin, shattering Kyverno's isolation boundaries. The update also fixes a high-severity Denial of Service (DoS) vulnerability (CVE-2026-23881) with a CVSS score of 7.7. Background Kyverno is a Kubernetes-n

Key Findings Exploitation of public-facing applications remained the top method of initial access, though it declined from 62% to about 40% of engagements. Phishing was the second-most common tactic, notably targeting Native American tribal organizations, and credential harvesting often led to further internal attacks. Ransomware incidents continued to fall, making up only 13% of cases, with Qilin ransomware still dominant. Background Cisco Talos Incident Response's report fo

Key Findings SolarWinds has released security updates to address six vulnerabilities in their Web Help Desk product, including four critical flaws. The four critical vulnerabilities could be exploited without authentication to achieve remote code execution (RCE) or bypass authentication: CVE-2025-40551 (CVSS 9.8) - Unauthenticated RCE via deserialization of untrusted data CVE-2025-40552 (CVSS 9.8) - Authentication bypass to execute actions and methods CVE-2025-40553 (CVSS 9.8

Key Findings Google and partners disrupted IPIDEA, one of the world's largest residential proxy networks, through legal domain takedowns, intelligence sharing, and ecosystem-wide enforcement. IPIDEA's proxy infrastructure was heavily abused by cybercrime groups, espionage actors, and botnets like BADBOX 2.0, Aisuru, and Kimwolf. Over 550 tracked threat groups used IPIDEA's exit nodes in a single week, exposing users' devices and networks to compromise and abuse. Google's acti

Key Findings A malicious Microsoft Visual Studio Code (VS Code) extension named "ClawdBot Agent - AI Coding Assistant" has been discovered on the official Extension Marketplace. The extension claims to be a free artificial intelligence (AI) coding assistant for the popular open-source project Moltbot, but it stealthily drops a malicious payload on compromised hosts. The extension was published by a user named "clawdbot" on January 27, 2026 and has since been taken down by Mic

Key Findings Security firm Koi discovered a set of vulnerabilities collectively tracked as "PackageGate" affecting major JavaScript package managers like NPM, PNPM, VLT, and Bun. These flaws could let attackers bypass supply chain protections and run malicious code hidden inside compromised dependencies. The safeguards widely promoted after the Shai-Hulud attack, such as disabling lifecycle scripts and relying on lockfiles, do not fully hold against these new "PackageGate" vu

Key Findings A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library, tracked as CVE-2026-22709. The vulnerability carries a CVSS score of 9.8 out of 10.0, indicating its high severity. The flaw allows attackers to escape the sandbox environment and execute arbitrary code on the underlying operating system. Background vm2 is a Node.js library used to run untrusted code within a secure sandboxed environment. The library intercepts and prox

Key Findings: Fortinet has released security updates to address a critical flaw (CVE-2026-24858, CVSS 9.4) impacting FortiOS, FortiManager, and FortiAnalyzer. The vulnerability is an authentication bypass related to the FortiCloud single sign-on (SSO) feature, which can allow an attacker with a FortiCloud account and a registered device to access other devices registered to different accounts. The vulnerability is actively being exploited in the wild, with Fortinet confirming

Key Findings Android game mods bundled with "Android.Phantom" malware hijack devices for covert ad fraud Malware operates in two modes - "phantom" mode for automated ad interaction and remote control mode for real-time device control Uses machine learning techniques to mimic user behavior and avoid detection Spreads through unofficial app stores and third-party sources, not the official Google Play Store Affects popular game titles with high download counts, making it difficu

Background Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025. Key Findings The activity is assessed to potentially originate from a new subgroup or another Pakistan-linked group operating in parallel with the known APT36 group. The Gopher Str

Key Findings Meta announced new Strict Account Settings on WhatsApp to enhance the security of high-risk users from advanced, targeted cyber attacks. Strict Account Settings is a lockdown-style security feature that applies the most restrictive privacy settings, limits how the app works, and blocks attachments or media from people not in your contacts. Meta is adopting the Rust programming language in WhatsApp's media sharing features to better protect photos, videos, and mes

Key Findings: React team issued urgent security advisory about incomplete fixes for Denial of Service (DoS) vulnerabilities in React Server Components New high-severity flaw CVE-2026-23864 (CVSS 7.5) allows attackers to trigger server crashes, out-of-memory exceptions, or excessive CPU usage via "specially crafted HTTP requests" Vulnerability affects React packages using server-side rendering (react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack) in v

Key Findings Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 2016–2024 and Microsoft 365 Apps. The vulnerability is a security feature bypass that allows an unauthorized attacker to bypass security protections locally by sending a malicious Office file. Microsoft confirmed the Preview Pane is not an attack vector, but did not disclose technical details about the active exploits. Office 2021 and later are automa

Key Findings Apple has unveiled the AirTag 2, the successor to its popular item tracking device. The new AirTag boasts a 50% increase in Precision Finding range and a 50% louder speaker. Precision Finding is now available on the Apple Watch, allowing users to locate lost items directly from their wrist. The AirTag 2 integrates a second-generation Ultra Wideband (UWB) chip, the same as in the latest iPhone and Apple Watch models. The device can securely share its location with