Daily Security Briefing #115

December 26, 2025

Critical LangChain vulnerability risks leaking secrets, Trust Wallet extension hack causes $7M crypto loss, Google allows Gmail address changes


Executive Summary

Today’s cybersecurity landscape reveals critical vulnerabilities impacting AI frameworks and widely used cryptocurrency services. A severe flaw in LangChain poses risks of secret exposure and remote code execution, underscoring increasing challenges in securing AI tooling. Meanwhile, Trust Wallet’s compromised Chrome extension results in multimillion-dollar crypto theft, highlighting ongoing threats to digital assets via supply-chain attacks. Google’s new option for changing Gmail addresses signals major usability improvements but raises fresh privacy considerations. The continuous activity of advanced persistent threat groups, alongside emerging scams like cryptocurrency phishing, poses persistent risks as the cyber ecosystem prepares for AI-driven development in 2026.


Top Articles

Critical LangChain Vulnerability Allows Attackers to Steal Sensitive Secrets
A critical flaw (CVE-2025-68664) in LangChain’s core library allows attackers to extract environment variables and potentially execute malicious code by exploiting serialization injection. Disclosed by security researcher Yarden Porat, this vulnerability affects one of the most widely adopted AI frameworks, posing serious risks for application security. Immediate patching is advised to mitigate sensitive data exposure.
GBHackers | CyberPress

Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code
Trust Wallet confirmed that a compromised version 2.68 of its Chrome extension led to approximately $7 million in cryptocurrency theft. The malicious update affected around one million users, prompting urgent patch releases and security warnings. Reports indicate attackers exploited the extension to drain wallets, compounding risks from phishing domains targeting Trust Wallet users.
TheHackerNews | BleepingComputer

Google Introduces Option to Change @gmail.com Email Addresses
Google is gradually rolling out a feature enabling users to change their Gmail usernames without creating a new account. This marks a significant shift, addressing longstanding complaints about inflexible email handles. While simplifying account management, the change may introduce new challenges related to email identity and security.
GBHackers | CyberPress

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware
A China-linked APT group, dubbed Evasive Panda, conducted targeted DNS poisoning attacks between 2022 and 2024 to distribute its MgBot backdoor malware. The campaign affected victims in Türkiye, China, and India, demonstrating sophisticated domain hijacking techniques to bypass detection and deliver espionage tools.
TheHackerNews

Fake GrubHub Emails Promise Tenfold Return on Sent Cryptocurrency
Cybercriminals have sent fraudulent emails pretending to be from GrubHub, offering a tenfold bitcoin return for transferring cryptocurrency to specified wallets. These phishing scams exploit trust in the brand and aim to steal funds through false promises of large payouts. Recipients should exercise caution and verify legitimacy.
BleepingComputer

Mentorship and Diversity: Shaping the Next Generation of Cyber Experts
Patricia Voight, CISO at Webster Bank, highlights the importance of mentorship and diversity in developing cybersecurity talent. Her insights emphasize strategies to combat financial crimes and foster inclusive career growth within the evolving threat landscape.
DarkReading

As More Coders Adopt AI Agents, Security Pitfalls Lurk in 2026
The growing use of AI in code generation brings productivity gains but introduces security challenges in the software development lifecycle. Experts warn that prioritizing secure coding and pipeline controls will be essential in 2026 to prevent vulnerabilities and supply-chain risks related to AI-assisted development.
DarkReading

Friday Squid Blogging: Squid Camouflage
New biological research reveals the complex camouflage capabilities of coleoids like squids, octopuses, and cuttlefish. Beyond communication via chromatophores, some squid species adapt their appearance dynamically to underwater environments, offering intriguing analogies for stealth and deception techniques in cybersecurity.
Schneier


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.
