A compromised Trust Wallet Chrome extension update led to the theft of over $7 million in cryptocurrency, draining user wallets and triggering a wave of phishing scams. In this episode, we break down how the supply-chain attack happened, how attackers exfiltrated seed phrases, and what crypto users should do immediately to protect their funds.

#BleepingComputers

In this episode, we break down the latest cybersecurity incidents impacting national infrastructure, automotive giants, and software developers. Tune in for a briefing on:

• La Poste Goes Dark: A major network incident, reported as a DDoS attack, has knocked offline the websites and digital services of France's national postal and banking service.Nissan’s Third-Party Breach: Nissan has confirmed that a security breach at Red Hat exposed the personal information of approximately 21,000 customers in Fukuoka, Japan
• Interpol’s Operation Sentinel: A massive coordinated effort across 19 countries resulted in 574 arrests and the seizure of servers linked to ransomware and financial scams.
• Developer Supply Chain Risks: We discuss lotusbail, a malicious npm package disguised as a WhatsApp tool that steals session keys , and "Phantom Shuttle," a malicious Chrome extension charging users a subscription to secretly steal their credentials.

#Bleepingcomputer.com

In this episode of Inside the Breach, we break down real-world cyber incidents targeting Microsoft 365, WhatsApp, AWS, and major institutions worldwide. From advanced phishing platforms and OAuth abuse to cloud cryptomining and large-scale data breaches, we explore how attackers are exploiting trust, automation, and misconfigurations. Designed for security professionals, IT teams, and decision-makers, this episode delivers practical insights to help you recognize emerging threats and strengthen your defenses before the next attack hits.

#bleepingcomputer.com

Ransomware attackers are shifting tactics and hypervisors are now in their crosshairs.

In this episode, we uncover why virtualization platforms like ESXi and Hyper-V have become prime targets for modern ransomware operations. A single compromise at the hypervisor level can give attackers control over dozens or even hundreds of virtual machines, bypassing traditional endpoint defenses entirely.

We break down real-world attack techniques, how threat actors move laterally to hypervisors, and why limited visibility at this layer makes detection so difficult. You’ll also hear practical security strategies, from access control and segmentation to patching, monitoring, and immutable backups, that can help reduce risk and improve recovery.

Whether you manage virtual infrastructure or make security decisions for your organization, this episode explains why hypervisor security can no longer be an afterthought.

A new Android malware-as-a-service called Cellik is changing how mobile attacks work by hiding malicious code inside apps that look and function like legitimate Google Play Store downloads.

In this episode, we break down how Cellik allows attackers to trojanize trusted apps, bypass user suspicion, and potentially evade mobile security protections. We explore its powerful capabilities, including screen streaming, credential theft, hidden browser abuse, and real-time device control and why this represents a serious shift in mobile threat tactics.

Whether you’re an Android user, IT professional, or security leader, this episode explains what’s happening, why it matters, and the practical steps you should take to protect your devices from stealthy mobile malware.

#Bleepingcomputer

In this episode, we break down Google’s decision to shut down its Dark Web Report feature and what it means for everyday users and security professionals alike. Once designed to alert users when personal data surfaced on the dark web, the tool will officially stop monitoring in January 2026 raising questions about visibility, accountability, and user protection.

We also explore the broader threat landscape, including newly linked Chinese hacking groups exploiting critical vulnerabilities, a surge in Chrome zero-day exploits, and the rise of malware campaigns abusing trusted platforms like ChatGPT and Google Ads.

Whether you’re a cybersecurity professional or just trying to stay safe online, this episode delivers practical insights, real-world implications, and what steps you should take next to protect your digital identity.

#bleepingcomputer.com

By the end of this training, you will be able to:

• Identify common AI-related threats (prompt injection, data leaks, zero-click attacks, model manipulation).
• Recognize how AI tools like ChatGPT, Gemini, Perplexity, Copilot, and AI IDEs can introduce risk.
• Protect company data when using AI tools.
• Safely interact with AI assistants and browser-based agents.
• Report suspicious activity involving AI platforms.

This episode breaks down the latest wave of AI-driven cyber threats from zero-click Google Drive wipe attacks to critical vulnerabilities hitting React Server Components, AI IDEs, and Apache Tika. We explore how attackers weaponize polite emails, hidden URL fragments, and prompt injections to steal data, execute code, and compromise entire systems. Stay ahead with insights into the emerging risks of agentic AI and what organizations must do to protect themselves.