TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Post archive
Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government
https://thehackernews.com/2026/01/russia-aligned-hackers-abuse-viber-to.html
The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives.
"This organization has continued to conduct high-intensity intelligence gathering activities against Ukrainian military and government departments in 2025," the 360 Threat Intelligence Center said in
Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks
https://thehackernews.com/2026/01/kimwolf-android-botnet-infects-over-2.html
The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient.
"Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy bandwidth, and selling its DDoS functionality," the company said in an analysis published last week.
Kimwolf
⚡ Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More
https://thehackernews.com/2026/01/weekly-recap-iot-exploits-wallet.html
The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit.
This week’s stories share one pattern. Nothing flashy. No single moment. Just steady abuse of trust — updates, extensions,
The State of Cybersecurity in 2025: Key Segments, Insights, and Innovations
https://thehackernews.com/2026/01/the-state-of-cybersecurity-in-2025key.html
Featuring:
Cybersecurity is being reshaped by forces that extend beyond individual threats or tools. As organizations operate across cloud infrastructure, distributed endpoints, and complex supply chains, security has shifted from a collection of point solutions to a question of architecture, trust, and execution speed.
This report examines how core areas of cybersecurity are evolving in
Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act
https://thehackernews.com/2026/01/bitfinex-hack-convict-ilya-lichtenstein.html
Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early.
In a post shared on X last week, the 38-year-old announced his release, crediting U.S. President Donald Trump's First Step Act. According to the Federal Bureau of Prisons' inmate locator
New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code
https://thehackernews.com/2026/01/new-vvs-stealer-malware-targets-discord.html
Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of harvesting Discord credentials and tokens.
The stealer is said to have been on sale on Telegram as far back as April 2025, according to a report from Palo Alto Networks Unit 42.
"VVS stealer's code is obfuscated by Pyarmor," researchers
Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia
https://thehackernews.com/2026/01/transparent-tribe-launches-new-rat.html
The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts.
"The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF document
The ROI Problem in Attack Surface Management
https://thehackernews.com/2026/01/the-roi-problem-in-attack-surface.html
Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information.
Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable output. But when leadership asks a simple question, “Is this reducing incidents?” the answer is often unclear.
This gap between effort and
Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign
https://thehackernews.com/2026/01/cybercriminals-abuse-google-cloud-email.html
Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate Google-generated messages by abusing Google Cloud's Application Integration service to distribute emails.
The activity, Check Point said, takes advantage of the trust associated with Google Cloud infrastructure to send the messages from a legitimate email address ("
ThreatsDay Bulletin: GhostAd Drain, macOS Attacks, Proxy Botnets, Cloud Exploits, and 12+ Stories
https://thehackernews.com/2026/01/threatsday-bulletin-ghostad-drain-macos.html
The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic — new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions. They just evolve faster. This week’s round-up shows how subtle shifts in behavior, from code tweaks to job scams, are rewriting what “cybercrime” looks like in
RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers
https://thehackernews.com/2026/01/rondodox-botnet-exploits-critical.html
Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox.
As of December 2025, the activity has been observed leveraging the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) flaw as an initial access vector, CloudSEK said in an
How To Browse Faster and Get More Done Using Adapt Browser
https://thehackernews.com/2026/01/how-to-browse-fast-using-a-lightweight-browser.html
As web browsers evolve into all-purpose platforms, performance and productivity often suffer.
Feature overload, excessive background processes, and fragmented workflows can slow down browsing sessions and introduce unnecessary friction, especially for users who rely on the browser as a primary work environment.
This article explores how adopting a lightweight, task-focused browser, like
Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack
https://thehackernews.com/2025/12/trust-wallet-chrome-extension-hack.html
Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets.
"Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
https://thehackernews.com/2025/12/darkspectre-browser-extension-campaigns.html
The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox.
The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre. In all, the
IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
https://thehackernews.com/2025/12/ibm-warns-of-critical-api-connect-bug.html
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.
The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw.
"IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain
Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry
https://thehackernews.com/2025/12/researchers-spot-modified-shai-hulud.html
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month.
The npm package that embeds the novel Shai Hulud strain is "@vietmoney/react-big-calendar," which was uploaded to npm back in March 2021 by a user named "hoquocdat." It was updated for the first time on
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
https://thehackernews.com/2025/12/us-treasury-lifts-sanctions-on-three.html
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator, from the specially designated nationals list.
The names of the individuals are as follows -
Merom Harpaz
Andrea Nicola Constantino Hermes Gambazzi
Sara Aleksandra Fayssal Hamou
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution
https://thehackernews.com/2025/12/csa-issues-alert-on-critical.html
The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution.
The vulnerability, tracked as CVE-2025-52691, carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any
Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware
https://thehackernews.com/2025/12/silver-fox-targets-indian-users-with.html
The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0).
"This sophisticated attack leverages a complex kill chain involving DLL hijacking and the modular Valley RAT to ensure persistence," CloudSEK researchers Prajwal Awasthi and Koushik Pal said in an
How to Integrate AI into Modern SOC Workflows
https://thehackernews.com/2025/12/how-to-integrate-ai-into-modern-soc.html
Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is because SOCs are adopting AI without an intentional approach to operational integration. Some teams treat it as a shortcut for broken processes. Others attempt to apply machine learning to problems
