A multi‑year operation dubbed ShadyPanda, analysed by Koi Security, illustrates how seemingly harmless browser add‑ons can quietly turn into powerful spyware. Over the course of the campaign, threat actors published 145 malicious extensions for Google Chrome and Microsoft Edge, amassing more than 4.3 million installations since 2018 and remaining partially active into 2024. ShadyPanda campaign: … Read more
The React ecosystem is facing a critical security issue: CVE-2025-55182, informally dubbed React2Shell, a 10.0/10 CVSS remote code execution (RCE) vulnerability in React 19 Server Components. The flaw allows an unauthenticated attacker to execute arbitrary JavaScript code on vulnerable servers, posing systemic risk to modern web applications built with React and frameworks such as Next.js. … Read more
Users from CIS countries, including Belarus, have begun to encounter mandatory YouTube age verification when trying to access videos marked as “18+”. The platform now prompts for “additional information” to confirm that the viewer is legally an adult, and similar checks are being reported by Russian users who access YouTube via foreign IP addresses or … Read more
Leroy Merlin’s French division has notified customers of a cyberattack that resulted in the exposure of part of its customer database. While the incident reportedly affects only users registered in France and did not compromise banking data or account passwords, it still creates a favourable environment for targeted phishing and social engineering attacks. Leroy Merlin … Read more
Security analysts from F6 (Digital Risk Protection) have identified a large-scale malicious campaign targeting Android users in Russia. Cybercriminals are distributing an Android banking trojan under the guise of “extended,” “premium,” and “18+” versions of popular apps such as YouTube and TikTok, promising access to blocked content and ad‑free video playback. Android banking trojan campaign: … Read more
A large-scale cybercrime investigation in South Korea has revealed the compromise of more than 120,000 IP surveillance cameras installed in private homes, businesses, and medical facilities. The case demonstrates how unchanged default passwords on internet-connected cameras can quickly turn everyday security systems into powerful tools for covert surveillance and privacy abuse. Scale of the IP … Read more
A large-scale analysis of public GitLab Cloud repositories has revealed tens of thousands of exposed credentials and API keys that are still valid and usable. The findings highlight how widespread hardcoded secrets in source code remain and how easily they can be abused to compromise corporate infrastructure, cloud services, and production data. Scale of the … Read more
SmartTube, a popular open‑source YouTube client widely installed on Android TV devices, TV boxes, and streaming sticks like Amazon Fire TV, has been at the center of a serious cybersecurity incident. The developer has confirmed that the application’s signing keys were compromised, allowing attackers to push a maliciously modified yet seemingly “official” update to users. … Read more
A new Android banking trojan called Albiriox has surfaced on Russian‑language cybercrime forums, where it is being sold under a Malware‑as‑a‑Service (MaaS) model. According to researchers at Cleafy, this approach dramatically lowers the entry barrier for financially motivated attackers and supports rapid scaling of mobile fraud campaigns worldwide. Malware-as-a-Service: how the Albiriox trojan is commercialised … Read more
On 23 November 2025, some Exchange Online customers using the new Outlook client began reporting that Excel attachments could no longer be opened from the email window. Instead of launching normally, the client displayed the generic error message “Try opening the file again later”. Microsoft has acknowledged the issue under incident ID EX1189359 and started … Read more
