Hacker news – NuclearCoffee

Hacker news

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

On Jan 01, 2026 10:18 am, by NuclearCoffee

Jan 01, 2026Ravie LakshmananNetwork Security / Vulnerability Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications… Continue reading

Hacker news

DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide

On Dec 31, 2025 8:05 pm, by NuclearCoffee

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users… Continue reading

Hacker news

Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack

On Dec 31, 2025 6:03 pm, by NuclearCoffee

Dec 31, 2026Ravie LakshmananSoftware Security / Data Breach Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025… Continue reading

Hacker news

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

On Dec 31, 2025 4:01 pm, by NuclearCoffee

Dec 31, 2026Ravie LakshmananCybersecurity / Malware Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight… Continue reading

Hacker news

IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass

On Dec 31, 2025 1:58 pm, by NuclearCoffee

Dec 31, 2026Ravie LakshmananAPI Security / Vulnerability IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to… Continue reading

Hacker news

U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware

On Dec 31, 2025 7:52 am, by NuclearCoffee

Dec 31, 2026Ravie LakshmananSpyware / Mobile Security The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa… Continue reading

Hacker news

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution

On Dec 30, 2025 5:38 pm, by NuclearCoffee

Dec 30, 2026Ravie LakshmananVulnerability / Email Security The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email… Continue reading

Hacker news

How to Integrate AI into Modern SOC Workflows

On Dec 30, 2025 1:34 pm, by NuclearCoffee

Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is because… Continue reading

Hacker news

Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware

On Dec 30, 2025 11:32 am, by NuclearCoffee

The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called… Continue reading

Hacker news

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

On Dec 30, 2025 9:30 am, by NuclearCoffee

Dec 30, 2026Ravie LakshmananMalware / Cyber Espionage The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant… Continue reading

Category: Hacker news

Stay Connected