As the (really cool) youtube video "MAKE IT SHITTY" about a day in the life of an enshittificator keeps appearing in my timeline I can't help but comment.

The story rings true at first glance.

But: the root cause of much shit is "get free stuff on the internet".

If you want FREE shit, you get free SHIT.
(Exception: OSS)

I'm paying a tiny bit of money for kagi, pnboard.in, mailbox.org, ... - all totally great, non-shitty.

#enshittification #paytowin #adware

#ultrasonic-based, persistent #tracking isn't new.

• People just need to stop installing and/or using shitty apps and services and demand proper #privacy-first design of their devices...

#Adware #Spyware #ITsec #InfoSec #OpSec #comSec #Smartphones #Smartphone #Android #iOS #Advertising #Espionage

Jak wykupione rozszerzenia Chrome zmieniły się w malware i adware

Dzisiaj praktycznie wszystko można zrobić w przeglądarce. Korzystanie z dedykowanej aplikacji do maili, pakietu biurowego czy komunikatora nie jest konieczne, bo większość takich usług działa również w wersjach webowych. Co za tym idzie, przeglądarka staje się de facto środowiskiem do uruchamiania innych aplikacji. TLDR: A środowisko takie musi być wygodne,...

#Aktualności #Adware #Chrome #Malware #Wtyczki

https://sekurak.pl/jak-wykupione-rozszerzenia-chrome-zmienily-sie-w-malware-i-adware/

Alright team, it's been a pretty packed start to the year in cyber! We've got some interesting developments on active exploitation, new malware campaigns, and a couple of big names facing regulatory heat. Let's dive in:

Recent Cyber Attacks ⚠️

- Unleash Protocol, a decentralised IP platform, lost approximately $3.9 million in crypto due to an unauthorised smart contract upgrade, initiated by an external address gaining administrative control via multisig governance.
- A Lithuanian national was extradited to South Korea for infecting 2.8 million systems globally with clipboard-stealing malware, disguised as the KMSAuto Windows/Office activator, siphoning around $1.2 million in virtual assets.
- Amazon successfully blocked over 1,800 suspected North Korean operatives from infiltrating its workforce since April 2024, who were posing as IT workers or recruiters to steal credentials and source code, as DPRK crypto theft surged to $2 billion in 2025.

📰 The Hacker News | https://thehackernews.com/2026/01/threatsday-bulletin-ghostad-drain-macos.html

Actively Exploited Vulnerabilities 🛡️

- The RondoDox botnet has been actively exploiting the critical React2Shell (CVE-2025-55182, CVSS 10.0) RCE flaw in React Server Components and Next.js since December 2025, targeting IoT devices and web servers to deploy crypto miners and Mirai botnet variants.
- A coordinated campaign, primarily from Japan-based infrastructure, systematically exploited over 10 Adobe ColdFusion CVEs from 2023-2024 during Christmas 2025, leading to direct code execution, credential harvesting, and JNDI lookups.
- Researchers identified a 4-second window where AWS IAM eventual consistency allows attackers to leverage deleted access keys to create new ones, achieving persistence even after defenders believe credentials are revoked.

📰 The Hacker News | https://thehackernews.com/2026/01/rondodox-botnet-exploits-critical.html
📰 The Hacker News | https://thehackernews.com/2026/01/threatsday-bulletin-ghostad-drain-macos.html

New Threat Research & Malware Campaigns 🚨

- The GlassWorm supply chain campaign has resurfaced, now targeting macOS users with malicious Open VSX extensions (50,000 downloads) to steal funds from over 50 browser extension wallets, iCloud Keychain data, and developer credentials.
- OceanLotus (APT) is targeting China's Xinchuang initiative, exploiting CVE-2023-52076 (RCE in Atril document viewer) and deploying custom ELF Trojans specifically designed to bypass traditional Linux system checks on indigenous innovation platforms.
- The IPCola proxy network, offering 1.6 million IPs, is powered by the GaGaNode decentralised bandwidth monetization service, whose SDK contains a critical RCE vulnerability, enabling broad compromise of IoT, desktop, and mobile devices.
- Large-scale mobile adware campaigns, GhostAd (Android) and SkyWalk (iOS), are draining device resources and defrauding advertisers by running persistent background ad engines and serving invisible ads, respectively.
- Magecart attacks are evolving into full identity compromise, hijacking checkout and account creation flows with fake payment forms, phishing iframes, and anti-forensics techniques to steal credentials and personal information.
- A new cybercrime tool, ErrTraffic, automates "ClickFix" attacks by generating fake browser glitches on compromised websites, tricking users into installing information stealers or Android banking trojans.
- Kaspersky discovered 'Keenadu', a pre-installed backdoor in libandroid_runtime.so on certain Android tablet models, providing remote access for data exfiltration and command execution.

📰 The Hacker News | https://thehackernews.com/2026/01/threatsday-bulletin-ghostad-drain-macos.html

Threat Landscape & AI Concerns 🧠

- Reddit banned the r/ChatGPTJailbreak subreddit (229,000 users) for violating rules, highlighting ongoing challenges with LLM safety filters, prompt injections, and the potential for generating non-consensual deepfakes; poetic prompts were found to increase attack success rates fivefold.
- Research details "hacktivist proxy operations" where ideologically aligned non-state cyber groups conduct disruptive activities (DDoS, defacement) that align with state geopolitical interests, providing plausible deniability for the benefiting state.

📰 The Hacker News | https://thehackernews.com/2026/01/threatsday-bulletin-ghostad-drain-macos.html

Regulatory & Corporate Accountability ⚖️

- Reuters reported that Meta developed a "playbook" to mislead regulators about the prevalence of scam ads on its platform, by systematically deleting fraudulent ads from its Ad Library during regulatory searches.
- Disney agreed to pay a $10 million civil penalty to settle FTC allegations of violating children's privacy laws (COPPA) by misdesignating YouTube content, leading to unlawful data collection and targeted advertising without parental consent.

📰 The Hacker News | https://thehackernews.com/2026/01/threatsday-bulletin-ghostad-drain-macos.html

#CyberSecurity #ThreatIntelligence #Vulnerabilities #RCE #Botnet #Malware #APT #SupplyChain #Adware #AdFraud #CryptoScam #NationState #DPRK #AI #LLM #DataPrivacy #COPPA #RegulatoryCompliance #InfoSec #IncidentResponse