Expert analysis from Ricnology
IBM API Connect vulnerability CVE-2025-13915 rated CVSS 9.8 allows remote attackers to bypass authentication mechanisms and gain unauthorized access to enterprise API management systems without credentials, requiring immediate patching
DarkSpectre malicious browser extension campaign attributed to Chinese threat actors affects 8.8 million Chrome, Edge, and Firefox users, distributing credential-stealing malware through fake productivity extensions
Trust Wallet Chrome extension compromised via Shai-Hulud supply chain attack targeting exposed GitHub credentials, enabling attackers to inject wallet-draining malware that stole $8.5 million in cryptocurrency assets from users
IBM API Connect patches critical CVSS 9.8 authentication vulnerability CVE-2025-13915, addressing remote authentication bypass allowing unauthorized access to enterprise API management systems through authentication mechanism exploitation
DarkSpectre browser extension malware campaign infects 8.8 million users across Chrome, Edge, and Firefox platforms, stealing authentication credentials and financial data through malicious extensions distributed via official browser stores
Trust Wallet Chrome extension compromised through Shai-Hulud supply chain attack targeting developer GitHub secrets, resulting in $8.5 million cryptocurrency theft via malicious extension update affecting digital asset wallet users
IBM API Connect suffers from critical CVE-2025-13915 authentication bypass with CVSS 9.8 rating, allowing remote attackers to circumvent authentication controls and access sensitive API management systems requiring emergency security updates
DarkSpectre browser extension threat identified as Chinese-attributed campaign affecting 8.8 million Chrome, Edge, and Firefox users through malicious extensions that exfiltrate authentication tokens and financial data
Trust Wallet Chrome extension supply chain attack results in $8.5 million cryptocurrency theft through Shai-Hulud malware injection, compromising users' wallet credentials and private keys via malicious extension update distributed through Chrome Web Store
IBM API Connect vulnerability CVE-2025-13915 with CVSS 9.8 rating enables remote attackers to bypass authentication mechanisms and access enterprise API management systems, requiring immediate security updates to prevent unauthorized system compromise
DarkSpectre browser extension campaign compromises 8.8 million users across Chrome, Edge, and Firefox platforms, distributing malware through malicious extensions that steal authentication credentials and financial information via background processes
Trust Wallet Chrome extension compromised via Shai-Hulud supply chain malware resulting in $8.5 million cryptocurrency theft, exposing developer GitHub credentials allowing attackers to inject malicious code into wallet extension affecting digital asset security