Svoboda Cybersecurity Brief December 27, 2025

Trust Wallet Chrome Extension Compromised in $7M Crypto Theft

Trust Wallet confirmed a supply chain attack where a malicious Chrome extension update (v2.68.0) exfiltrated wallet seed phrases to an attacker-controlled domain (api.metrics-trustwallet[.]com), draining $7M in crypto. A parallel phishing campaign (fix-trustwallet[.]com) targeted victims seeking “fixes.”
Impact: $7M stolen, with funds laundered via exchanges like ChangeNOW and KuCoin.
Mitigation: Update to v2.69, disable v2.68, and migrate funds to new wallets with fresh seed phrases.
Source: BleepingComputer

Evasive Panda APT Deploys MgBot via DNS Poisoning

China-linked Evasive Panda conducted a targeted campaign (2022–2024) using DNS poisoning to deliver MgBot malware via trojanized updates (e.g., SohuVA, Baidu iQIYI). The attack involved multi-stage payloads, custom encryption (DPAPI+RC5), and geographic/IP-based targeting.
Impact: Long-term espionage in Türkiye, China, and India, with data exfiltration capabilities.
Mitigation: Monitor DNS anomalies, restrict unauthorized updaters, and inspect network traffic for suspicious domains.
Source: The Hacker News

Critical LangChain Core Flaw Allows Secret Theft via Serialization

CVE-2025-68664 (CVSS 9.3) in LangChain Core lets attackers inject malicious “lc” keys during serialization, potentially leaking secrets (e.g., env variables) or executing code via Jinja2 templates. Affects versions 1.0.0–1.2.4 and <0.3.81.
Impact: Unauthorized secret access, prompt injection, and possible RCE in LLM workflows.
Mitigation: Update to langchain-core 1.2.5/0.3.81, disable secrets_from_env, and restrict allowed objects.
Source: The Hacker News
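
As a defense-in-depth check alongside the update, untrusted data (user input, model output, document metadata) can be screened for the "lc" key before it reaches serialization. This is an added example, not code from LangChain or the advisory; the function names and sample records are constructed for illustration, and it uses no LangChain API.

```python
from typing import Any, Iterator

MARKER = "lc"  # the key named in the advisory summary above


def find_lc_markers(value: Any, path: str = "$") -> Iterator[str]:
    """Yield a JSON-path-like location for every dict that carries an 'lc' key."""
    if isinstance(value, dict):
        if MARKER in value:
            yield path
        for key, child in value.items():
            yield from find_lc_markers(child, f"{path}.{key}")
    elif isinstance(value, (list, tuple)):
        for index, child in enumerate(value):
            yield from find_lc_markers(child, f"{path}[{index}]")


def assert_no_lc_markers(value: Any) -> Any:
    """Return value unchanged, or raise if any nested dict carries the marker."""
    hits = list(find_lc_markers(value))
    if hits:
        raise ValueError(f"untrusted data carries '{MARKER}' key at: {', '.join(hits)}")
    return value


# Constructed sample records (hypothetical metadata attached to a document).
BENIGN = {"source": "ticket-1042", "tags": ["billing", {"lang": "en"}]}
SUSPICIOUS = {
    "source": "ticket-1043",
    "extra": {"lc": 1, "note": "constructed marker"},
    "history": [{"note": "ok"}, {"lc": 1, "note": "constructed marker"}],
}

if __name__ == "__main__":
    for name, record in (("BENIGN", BENIGN), ("SUSPICIOUS", SUSPICIOUS)):
        try:
            assert_no_lc_markers(record)
            print(f"{name}: clean")
        except ValueError as err:
            print(f"{name}: rejected ({err})")
```

Rejecting or logging such records at the trust boundary does not replace the patched release; it flags inputs that warrant review.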

Fake GrubHub Emails Push Crypto Scam

Scammers impersonated GrubHub in phishing emails promising 10x returns on crypto investments, leveraging social engineering to steal funds.
Source: BleepingComputer
