
Daily Security Briefing #120
- DjediTech
- Security, Newsletter
- December 31, 2025
LinkedIn job scams worldwide, AI-driven NeuroSploit v2 revolutionizes pen testing, GlassWorm targets macOS via VS Code extensions…
Executive Summary
Today’s cybersecurity landscape highlights significant threats in both social engineering and emerging AI-powered defense tools. Diverse LinkedIn job scams exploit regional employment patterns, while NeuroSploit v2 introduces advanced AI-driven automation to penetration testing, promising to reshape offensive security operations. Meanwhile, macOS users face new dangers from the GlassWorm malware leveraging VS Code extensions as attack vectors. Supply chain and browser extension compromises remain prominent, highlighted by the $8.5 million Trust Wallet breach and widespread DarkSpectre campaigns. Finally, geopolitical and event security measures adapt with device bans and evolving cybercrime methodologies.
Top Articles
LinkedIn Job Scams Exploit Regional Employment Trends
Scammers worldwide are tailoring LinkedIn job frauds to local job market peculiarities: leveraging tech job demand in India, exploiting informal job economies in Mexico, and faking personal referrals in Kenya’s unorganized recruitment sector. These schemes reflect the adaptability of social engineering tactics across diverse geographies.
Schneier
NeuroSploit v2 Launches as AI-Powered Penetration Testing Framework
The second version of NeuroSploit introduces cutting-edge large language model (LLM) technology to automate vulnerability assessments, threat simulation, and security analysis. This modular framework enhances offensive security workflows by integrating specialized AI agent roles, pushing pen testing into new efficient and ethical frontiers.
GBHackers | CyberPress
GlassWorm Malware Evolves, Targeting macOS via VS Code Extensions
GlassWorm has resurged with a focus on macOS, embedding itself in three malicious VS Code extensions found on the Open VSX marketplace. The attack infrastructure supports over 50,000 downloads, demonstrating how development tools remain a critical vector for malware distribution on Apple platforms.
GBHackers
ErrTraffic v2 Automates “ClickFix” Social Engineering Scams
The new ErrTraffic toolkit commercially industrializes deceptive overlays that trick victims into manually running malicious scripts. Available on Russian cybercrime forums for about $800, it epitomizes growing automation in social engineering attacks, lowering barriers for threat actors.
CyberPress
Trust Wallet Chrome Extension Hack Results in $8.5 Million Theft
The second Shai-Hulud supply chain attack in late 2025 compromised Trust Wallet’s Chrome extension by exposing developer GitHub secrets, allowing attackers to steal approximately $8.5 million in cryptocurrency assets from users.
TheHackerNews
DarkSpectre Browser Extension Campaigns Impact Millions Globally
A Chinese threat actor linked to campaigns such as ShadyPanda and GhostPoster also runs DarkSpectre, infiltrating Chrome, Edge, and Firefox browsers with malicious extensions. Over 2.2 million users are affected in this latest campaign alone, underscoring risks in browser extension supply chains.
TheHackerNews
NYC Mayoral Inauguration Bans Flipper Zero and Raspberry Pi Devices
Security protocols for the 2026 mayoral inauguration have banned certain hack-friendly devices, including Flipper Zero and Raspberry Pi, to prevent potential exploitation during the event. This reflects growing concern over physical security and hardware-related threats at public functions.
BleepingComputer
Unleash Protocol Loses $3.9 Million After Multisig Contract Hijack
An unauthorized smart contract upgrade enabled hackers to withdraw roughly $3.9 million in cryptocurrency from the decentralized Unleash Protocol, demonstrating persistent vulnerabilities in multisig wallet security.
BleepingComputer
Anticipated AI Transformations in 2026
Experts foresee AI becoming verifiable—not just trustworthy—signaling a shift toward measurable accountability in AI models, alongside other foundational advances that will shape cybersecurity and technology in 2026.
DanielMiessler
Cybersecurity Trends to Watch in 2026
Industry thought leaders predict evolving defensive strategies and regulatory changes in the coming year, emphasizing adaptive risk management, AI integration, and a focus on supply chain and social engineering threats.
DanielMiessler
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.