Hello everyone! It's been a busy day in the cyber world with significant breaches affecting cryptocurrency users and national services, new insights into nation-state APT activity, and a look at how AI is reshaping both attacks and defences. Let's dive in:

Trust Wallet Chrome Extension Breach ⚠️
- Trust Wallet's Chrome extension version 2.68.0 was compromised, leading to an estimated $6-7 million in cryptocurrency losses for users.
- Malicious code was embedded in the extension, exfiltrating mnemonic phrases to an attacker-controlled server, api.metrics-trustwallet[.]com, which was registered shortly before the incident.
- Trust Wallet has confirmed the incident, urged users to update to version 2.69 immediately, and committed to refunding all affected users, while a parallel phishing campaign exploited the panic.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/trust-wallet-chrome-extension-hack-tied-to-millions-in-losses/
📰 The Hacker News | https://thehackernews.com/2025/12/trust-wallet-chrome-extension-bug.html

French Postal Service Hit by Pro-Russian Hackers 🚨
- Pro-Russian group NoName057(16) claimed responsibility for a DDoS attack that disrupted France's national postal service, La Poste, and its banking arm, La Banque Postale, just before Christmas.
- The attack temporarily knocked key digital systems offline, affecting parcel tracking and slowing mail distribution, though La Poste stated no customer data was compromised.
- French authorities have opened an investigation, with the domestic intelligence agency DGSI taking over the probe, focusing on the deliberate disruption of a data processing service.

🗞️ The Record | https://therecord.media/pro-russia-hackers-claim-attack-la-poste

GrubHub Phishing Scam via Legitimate Subdomain 🎣
- Grubhub users received fraudulent emails from a legitimate company subdomain (b.grubhub.com) promising a tenfold return on sent cryptocurrency as part of a "Holiday Crypto Promotion."
- This is a classic crypto reward scam, luring victims to send Bitcoin to a specified wallet with the false promise of a larger return.
- Grubhub has acknowledged "unauthorized messages" to merchant partners, stating they have contained the issue and are working to prevent future occurrences, though the exact cause (e.g., DNS takeover) remains unconfirmed.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/fake-grubhub-emails-promise-tenfold-return-on-sent-cryptocurrency/

Evasive Panda APT Uses DNS Poisoning for MgBot Malware 🐼
- China-linked APT group Evasive Panda (also known as Bronze Highland, Daggerfly, StormBamboo) conducted a highly targeted cyber espionage campaign using DNS poisoning.
- The group manipulated DNS requests to deliver its MgBot backdoor, masquerading as updates for legitimate software like SohuVA, Baidu's iQIYI Video, IObit Smart Defrag, and Tencent QQ.
- MgBot is a modular implant capable of extensive data harvesting, including keystrokes, clipboard data, audio streams, and browser credentials, allowing for long-term stealthy persistence.

📰 The Hacker News | https://thehackernews.com/2025/12/china-linked-evasive-panda-ran-dns.html

Hacker Mindset for Cyber Defence 🧠
- Remedio CEO Tal Kollender, a former video game hacker, advocates for adopting a "hacker mindset" to effectively defend against cyber threats, stating that understanding adversarial thinking is crucial.
- Her company uses AI to proactively identify and auto-remediate vulnerabilities, misconfigurations, and compliance gaps across corporate devices.
- The increasing use of AI by attackers to accelerate reconnaissance and exploitation means defenders must also leverage AI to keep pace, making cybersecurity a battle of AI versus AI.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/26/video_game_hacker_turned_ceo/

AI's Impact on Cybersecurity Tabletop Exercises 🛡️
- Cybersecurity tabletop exercises are evolving to account for AI, both in terms of how attackers use AI to find and exploit bugs faster, and how defenders can integrate AI into their response strategies.
- Organisations need to simulate scenarios involving rapid exploitation of CVEs (within minutes of publication) and AI-powered phishing, while also securing their own AI systems against prompt injection and data exfiltration.
- Experts recommend incorporating "analog friction" like mandatory out-of-band verification for deepfake-driven requests and practising offline business operations, emphasising process over technology when trust in digital information is compromised.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/26/end_of_year_tabletop_exercises/

#CyberSecurity #ThreatIntelligence #CryptoHack #DDoS #Phishing #APT #EvasivePanda #MgBot #AIinCyber #TabletopExercises #InfoSec #IncidentResponse

Trust Wallet Chrome extension hack tied to millions in losses

Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users. Simultaneously, BleepingComputer observed a phishing domain launched by hackers.

BleepingComputer
🎤New #FIRSTImpressions episode! #FIRSTCON25 speaker John Hollenberger of @fortinet shares how to design storyboards that make cybersecurity #tabletopexercises more effective, engaging, and realistic. Don’t miss this preview of his conference session! https://media.first.org/podcasts/FIRST_Impressions-JHollen.mp3

At the recent #RSAC2025 conference, LMG Security's @sherridavidoff and @MDurrin drew packed crowds with their sessions on how hackers use AI to exploit stolen source code and a hands-on tabletop lab exploring deepfake cyber extortion.

We’ve received a lot of inquiries about these sessions! If you couldn’t attend RSA and you're interested in these topics, we also offer custom training and tabletop exercises to help your team prepare for the next generation of AI-powered cyber threats.

Contact us to learn more: https://www.lmgsecurity.com/contact-us/

#Cybersecurity #AIsecurity #AI #TabletopExercises #CISO #Infosec #RiskManagement #IT #Deepfake #CIO #DFIR #ITsecurity

Contact Us | LMG Security

Let's Connect! You can send us a message, give us a call, or add yourself to our newsletter list from this page.

LMG Security

Here's a new blog post from me! It's a small "book" review, which is actually a workbook with some essays at the beginning.

The short book is Maj. John Schmitt's exercise book on Tactical Decision Games (TDGs) for the Marines (and likely other branches), and I noticed how much the philosophy behind them is shared with the sorts of Practice of Practice games we play to understand the system and prepare ourselves for incidents.

https://www.sounding.com/2025/05/02/schmitt-tdg-sre/

#SRE #TDG #PracticeOfPractice #TabletopExercises #OperationalReadiness #IncidentResponse #TacticalDecisionGames #Resilience #ResilienceEngineering #ReliabilityEngineering

TDG and decisionmaking in SRE

A short review of John Schmitt’s Mastering Tactics

Command and Control: Why the CIO Must Lead Cyber War Games and Tabletop Exercises.

In today’s threat landscape, the CIO is the key player in leading cyber war games and tabletop exercises that strengthen organizational resilience and drive strategic advantage. CIOs must lead cyber…

Medium

A scenario for tomorrow's tabletop exercise at a client: "All user and service accounts (logins) in the local Microsoft Active Directory Domain have had their passwords reset. No user or service can authenticate to the local domain or resources."

This instance should have like a wiki of tabletop exercise scenarios.

#tte #TabletopExercises #funconsulting #consulting

Watch Shanni Prutchi discuss how to fortify your organization's incident response capabilities through combined #redteaming and tabletop exercises. Explore attack detection, response, and the importance of established processes in this video session.
https://bfx.social/3Qtn7Cd

#tabletopexercises #offensivesecurity #incidentresponse

Bridging the Gap: Integrating Tabletop Exercises and Red Teaming for…

Join Shanni Prutchi, to learn about enhancing your organization's incident response capabilities through combined red teaming and tabletop exercises.

Bishop Fox

Join Bishop Fox's @alethe and @metacompliance for an upcoming webcast as they dive into the crucial aspects of attack simulation & #incidentmanagement in today's rapidly evolving digital landscape.

They'll also discuss the role of ongoing cyber awareness training as well as practical insights into conducting #tabletopexercises. Save your spot today!

https://bfx.social/44lUAU4

Conducting Effective Cyber Attack Simulations

In today's digital age, where threats evolve at a pace like never before, the importance of cyber attack simulations is paramount. They serve as crucial tools for organisations to proactively discover vulnerabilities, enhance their incident response strategies, and fortify defences against emerging cyber threats. Join us for our upcoming webcast, 'Conducting Effective Cyber Attack Simulations,' where we delve into the crucial aspects of attack simulation and incident management in today's rapidly evolving digital landscape. During this webcast, we will explore the following key topics:
- Understanding the importance of attack simulations
- Unveiling the intricacies of authentic attack simulations
- Building the foundation for success
- The role of ongoing cyber awareness training
- Practical insights into conducting table-top exercises

BrightTALK
Washington DC followers! We are headed your way - our team will be at #CyberSummitUSA DC. You can see Shanni Prutchi present on "How #TabletopExercises and #RedTeaming Improve #IncidentResponse." We also have the code BISHOPFOX23 for free admission; come by! https://bfx.social/3PQ7tlX

Bishop Fox to Present and Sponsor Cyber Security Summit DC 2023

Bishop Fox is proud to be a sponsor at the Cyber Security Summit - DC Metro on July 20, 2023. Stop by the Bishop Fox table to meet our team.

Bishop Fox