Nice Extension You’ve Got There… Shame If It Updated
A long-running malicious browser-extension ecosystem (“ShadyPanda”) that used trusted marketplace distribution and silent updates to enable large-scale surveillance (URLs, searches, clicks, fingerprints) and, in some cases, hourly remote code execution via downloaded JavaScript, affecting millions of Chrome and Edge users.
Dec 15, 2025 · 17 min read


FAIR INTEL Weekly RASE Report 12-15-2025
Resilience, Attack Surface, and Exposure (RASE)
Dec 15, 2025 · 14 min read


Repo Roulette: Spin the Wheel, Win a Credential
A security researcher used automated TruffleHog scans across all 5.6 million public GitLab Cloud repositories and found 17,430 live secrets tied to 2,804 domains—including cloud, database, messaging, and OpenAI keys—showing that many organizations still expose long-lived credentials in public code despite some revocations after notification.
Dec 10, 2025 · 14 min read


BRICKSTORM: Because Your Hypervisor Needed a Midlife Crisis
PRC state-sponsored cyber actors are deploying the BRICKSTORM backdoor to maintain long-term, stealthy access to VMware vSphere and related Windows infrastructure in government and IT organizations, enabling persistent control, lateral movement, and data exfiltration.
Dec 9, 2025 · 18 min read


When Your Endpoint Says “New Remote Tool Installed” and You Didn’t Hire Anyone
Iran-aligned MuddyWater is running a focused cyberespionage campaign against Israeli and Egyptian organizations, deploying new custom tools such as the Fooder loader, MuddyViper backdoor, credential stealers, and reverse tunnels to improve stealth, persistence, and credential theft against government and critical infrastructure networks.
Dec 9, 2025 · 22 min read


Weekly RASE Report
Resilience, Attack Surface, and Exposure (RASE)
Dec 8, 2025 · 5 min read


Ferrets
Fake LinkedIn jobs trick Mac users into downloading Flexible Ferret malware
Nov 26, 2025 · 15 min read