Cybercrime

Trust Wallet Chrome Extension Hack Drains $8.5M Through Shai-Hulud Supply Chain Attack

Trust Wallet has disclosed that a major security breach affecting its Google Chrome browser extension was the result of the second wave of the Shai-Hulud supply chain attack, identified in November 2025. The incident led to the theft of nearly $8.5 million in cryptocurrency assets, marking one of the most significant browser extension compromises in the crypto […]

DarkSpectre Browser Extension Campaigns Exposed After Affecting 8.8 Million Users Worldwide

Cybersecurity researchers have uncovered a large-scale malicious browser extension operation that has affected more than 8.8 million users across Google Chrome, Microsoft Edge, and Mozilla Firefox over a period exceeding seven years. The activity has been linked to a Chinese threat actor tracked by Koi Security under the name DarkSpectre. The investigation connects two previously

Modified Shai-Hulud Worm Detected Testing Payload on npm Registry

Cybersecurity researchers have uncovered a new variant of the Shai-Hulud worm on the npm registry, exhibiting subtle modifications compared to the previous wave detected last month. The compromised npm package, “@vietmoney/react-big-calendar”, was originally uploaded in March 2021 by a user named “hoquocdat” and was recently updated to version 0.26.2 on December 28, 2025. Since its initial

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Cybersecurity researchers have uncovered a sustained and carefully targeted spear‑phishing operation that abused the npm package ecosystem as a delivery platform for credential theft. According to findings published by Socket, the campaign involved the upload of 27 malicious npm packages using six different publisher aliases. Rather than infecting systems directly, the attackers repurposed npm package hosting and content

Nomani Investment Scam Jumps 62% Using AI Deepfake Ads on Social Media

The fraudulent investment scheme known as Nomani has surged by 62%, according to researchers from ESET, with campaigns spreading beyond Facebook to platforms like YouTube. Slovak cybersecurity firm ESET revealed that it blocked over 64,000 unique URLs linked to this scam in 2025. Most of the detections came from countries including Czechia, Japan, Slovakia, Spain,

SEC Files Charges Over $14 Million Crypto Scam Using Fake AI Themed Investment Tips

The U.S. Securities and Exchange Commission (SEC) has brought charges against several companies accused of running a large-scale cryptocurrency investment scam that defrauded retail investors of more than 14 million dollars by promoting fake artificial-intelligence-based trading strategies. According to the SEC’s complaint, the alleged fraud involved crypto trading platforms Morocoin Tech Corp.,

INTERPOL Arrests 574 Across Africa as Ukrainian Ransomware Affiliate Pleads Guilty

A large-scale law enforcement operation led by INTERPOL has resulted in the arrest of 574 suspects across Africa and the recovery of approximately three million dollars, marking a significant step in the global fight against cybercrime. The month-long initiative, known as Operation Sentinel, was carried out between October 27 and November 27, 2025. The

U.S. DoJ Seizes Fraud Domain Linked to 14.6 Million Dollar Bank Account Takeover Scheme

The U.S. Department of Justice (DoJ) has announced the seizure of a fraudulent web domain and its associated database that were used to support a large-scale bank account takeover operation targeting American victims. According to officials, the seized domain web3adspanels[.]org functioned as a backend control panel where cybercriminals stored and managed stolen online banking credentials. Visitors

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

Cybersecurity researchers have uncovered a malicious software package hosted on the npm repository that masquerades as a fully functional WhatsApp API while secretly stealing sensitive user data and granting attackers persistent access to victims’ WhatsApp accounts. The package, called lotusbail, has been downloaded more than 56,000 times since it was published in May 2025 by

Android Malware Campaigns Combine Droppers, SMS Theft, and RAT Capabilities at Scale

Cybersecurity researchers are warning about a rapidly evolving Android malware ecosystem where threat actors are combining malicious droppers, SMS stealing functions, and full remote access capabilities to target users at scale. Recent investigations show that users in Uzbekistan are being actively targeted through fake applications that silently deploy advanced malware once installed. According to an
