From The Aether
Cybersecurity Chaos 2025: The Year Hackers Went on a Rampage
In 2025, the ShinyHunters extortion gang targeted PornHub, threatening to expose adult content activity data unless paid. Meanwhile, ClickFix social engineering attacks tricked users into infecting their devices. Let’s not forget the hilarious irony of hackers using deepfake Zoom calls—proof that even in cybersecurity, laughter is the best malware!
Trust Wallet Woes: $8.5M Vanishes in Second Shai-Hulud Crypto Heist!
Trust Wallet confirms a second Shai-Hulud supply-chain attack on its Chrome extension, resulting in $8.5 million in crypto theft. Malicious code was published with a leaked API key, compromising sensitive wallet data. Trust Wallet rolled back the compromised version and strengthened security measures while reimbursing affected users.
Cybercrime 2026: New Year, New Breaches, Same Old Headaches
The first ThreatsDay Bulletin of 2026 highlights how cybercriminals are getting smarter, not louder. This year, it’s all about subtlety and precision. Hackers aren’t taking breaks; they’re just perfecting their craft. In 2026, the threats that matter don’t shout. They blend in — until they don’t. Stay alert, because the game has changed.
RondoDox Botnet Rampage: React2Shell Flaw Turns Next.js Servers into Digital Chaos!
The RondoDox botnet has turned the critical React2Shell flaw (CVE-2025-55182) into its personal playground, infecting Next.js servers with malware and cryptominers. It’s like a cyber soap opera where IoT devices and web apps are the unsuspecting stars, and the RondoDox botnet is the drama-loving director.
IoT Under Siege: RondoDox Botnet Exploits React2Shell Vulnerability in Massive Attack Campaign
Cybersecurity researchers have revealed a nine-month RondoDox botnet campaign targeting IoT devices and web apps. Leveraging the React2Shell flaw, threat actors drop cryptocurrency miners with quirky names like “/nuts/poop”. To dodge this digital chaos, update Next.js, firewall up, and keep an eye on suspicious activities.
Cybersecurity Chaos 2025: Breaches, Botnets, and Broken Firewalls!
Cybersecurity in 2025 was like a digital soap opera, with plot twists that included cyber threat detection vendors pulling out of MITRE evaluations, criminal proxy networks transforming IoT devices into rogue agents, and hackers weaponizing QR codes in quishing attacks. Meanwhile, AI hallucinations birthed slopsquatting threats, adding a surreal twist to the year’s security landscape.
Courts to Lawmakers: Kids Have First Amendment Rights Too!
When it comes to social media laws, states are trying to be the strict parents with curfews. But courts and the EFF keep saying, “Not so fast.” These laws struggle to pass the constitutional vibe check, as they infringe on First Amendment rights. Turns out, there’s no “kid exception” to free speech.
Congress Fumbles Privacy: The Year of Age-Verification Chaos and Censorship!
In 2025, Congress took a swing at the internet with age-verification legislation in the name of “protecting kids online.” Yet, these bills were more like a privacy piñata, spilling out surveillance, censorship, and government overreach. Thankfully, strong opposition stalled these efforts, but the battle for digital rights continues.
NYC Mayoral Inauguration 2026: Why Raspberry Pi and Flipper Zero Are Now Public Enemies #1
The 2026 mayoral inauguration of Zohran Mamdani in New York City has banned the Flipper Zero and Raspberry Pi devices. While you can bring your laptop and smartphone, these tech-savvy gadgets apparently pose a greater threat than your average firecracker or drone. Perhaps they just want to avoid a hacking hootenanny!
ESA Data Breach: Hacker 888’s Cosmic Heist or Galactic Bluff?
A hacker named 888 claims to have breached the European Space Agency, alleging the theft of over 200 GB of sensitive data. Offering the loot on DarkForums for Monero, 888 flaunts screenshots of internal ESA environments, making this breach sound more like a space opera than a tech crime.
Ivanti EPMM Attack: A Cybersecurity Comedy of Errors or China’s Espionage Playground?
Ivanti Endpoint Manager Mobile zero-day attacks turned into a cyber-Disneyland for attackers, exploiting patching lags to gain enterprise-wide control. With privileged access, adversaries manipulated smartphones, intercepted data, and went on phishing sprees. The lesson? Prioritize securing Internet-facing applications and keep an eye on “normal” admin behavior to prevent future security carnival rides.
Trust Wallet’s $8.5M Blunder: Chrome Extension Hack Unleashes Crypto Chaos
Trust Wallet’s Chrome extension hack, linked to the Shai-Hulud outbreak, led to an $8.5 million crypto heist. The attacker dodged standard release protocols, sneaking in a trojanized update. Now, Trust Wallet is sorting reimbursements while beefing up security to ensure no more uninvited guests crash the extension party.
ESA Data Breach: When Even Space Isn’t Safe from Hackers!
The European Space Agency has confirmed a data breach after a hacker, using the moniker “888,” attempted to sell 200 GB of allegedly stolen data. The breach, which affected a few external science servers, has ESA scrambling faster than a rocket launch to investigate and secure the compromised systems.
Everest Ransomware Strikes Again: ASUS Data Breach Sparks Cybersecurity Alarm
The Everest ransomware group has struck again, releasing 1TB of stolen ASUS data. After ASUS missed the group’s 24-hour response window, the gang leaked the data online. This includes sensitive information on AI models and more, now circulating on cybercrime forums, as reported by Hackread.com.
European Space Agency’s Comedy of Errors: Yet Another Security Breach Drama Unfolds
The European Space Agency has experienced another security breach, downplaying it as a limited-impact incident. Meanwhile, cybercriminals gleefully claim they’ve snagged 200 GB of data, including confidential documents and source code. Once again, ESA insists the affected systems are external, but it’s starting to look like a cosmic pattern!
DarkSpectre Strikes Again: 8.8 Million Users Hit by Malicious Browser Extensions!
The DarkSpectre attack campaign has hit 2.2 million users through malicious browser extensions on Chrome, Edge, and Firefox. Not content with Zoom-bombing, this Chinese threat actor is now targeting your corporate meeting minutes. Who knew your boss’s 90-minute PowerPoint snooze-fest was worth stealing?
Unleash Protocol’s $3.9M Crypto Heist: When Multisig Goes Rogue!
Unleash Protocol, the decentralized IP platform, suffered a $3.9 million crypto loss after an unauthorized contract upgrade. The attacker, acting like a digital Houdini, used multisig governance to withdraw assets. As Unleash investigates this crypto caper, users are urged to steer clear until further notice.
Singapore’s SmarterMail Flaw: A Cybersecurity Comedy of Errors or a Major Meltdown?
Singapore’s Cyber Security Agency warns of a critical SmarterMail flaw, CVE-2025-52691, that allows unauthenticated remote code execution. This vulnerability could let hackers turn your mail server into their personal playground. If you’re still using SmarterMail Build 9406 or earlier, it’s time to update before the hackers RSVP.
RondoDox Botnet Strikes Next.js: React2Shell Chaos Unleashes Malware Mayhem!
The RondoDox botnet is on a rampage, exploiting the React2Shell flaw to infect Next.js servers with cryptominers. It’s like a digital version of a bad houseguest—sneaky, persistent, and always ready to crash your party. Time to audit those Next.js Server Actions before RondoDox turns your network into its personal playground!
When the Cloud Crashes: Chaos Unplugged in the IoT World
When the cloud takes a nap, your always-connected devices throw a tantrum. From sleep disruptions to smart home chaos, it’s like the Internet of Things decided to skip school and party instead.
