ShadyPanda spent seven years uploading trusted Chrome and Edge extensions, later weaponizing them for tracking, hijacking, and remote code execution. Learn how the campaign unfolded.
The post ShadyPanda Takes its Time to Weaponize Legitimate ExtensionsΒ appeared first on Security Boulevard.
A security researcher has unveiled a novel web exploitation technique dubbed βSVG clickjacking,β which significantly elevates the sophistication of traditional user-interface redress attacks. Unlike standard clickjacking, which typically involves tricking users into clicking a hidden button on a static overlay, this new method allows attackers to create complex, responsive, and highly interactive fake interfaces that [β¦]
The post New SVG Technique Enables Highly Interactive Clickjacking Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
A 21-year-old Ukrainian student was tortured and burned alive in Vienna after attackers forced him to reveal passwords to his crypto wallets, emptying his digital accounts before setting him on fire in his fatherβs Mercedes.
According to local reports, two suspects, a fellow student aged 19 and a 45-year-old Ukrainian national, fled to their home country with large amounts of cash but were arrested days later by Ukrainian authorities.
The victim, Danylo K., was the son of Kharkivβs deputy mayor. His body was discovered on November 26 in a burned-out vehicle on Marlen-Haushofer-Weg in Viennaβs Donaustadt district after fire alarms alerted residents to the blaze around 12:30 a.m.
The charred remains were found in the back seat of a Mercedes S 350D bearing Ukrainian license plates beneath the Ostbahn railway line.
The attack started hours earlier in the underground parking garage of the Sofitel βSO/Viennaβ hotel on PraterstraΓe, where the 19-year-old suspect ambushed his fellow student following a loud confrontation.
A hotel guest alerted reception after hearing the altercation, prompting police to be notified.
Passersby later noticed a large pool of blood in the stairwell leading to the parking area.
Investigators say Danylo was beaten severely in the garage before being forced into his fatherβs black Mercedes.
The assailants drove him to the Donaustadt location while subjecting him to extended torture to extract his crypto wallet passwords.
His teeth were knocked out during the assault as the violence escalated over several hours.
After gaining access to two crypto accounts, the attackers doused Danylo with gasoline purchased earlier from a Wagramer Strasse station.
He was set ablaze while crouched in the back seat, suffocating on his own blood and dying from head injuries and burns that consumed 80 percent of his body.
Colonel Gerhard Winkler of the State Criminal Police Office confirmed the autopsy findings indicated suffocation or heatstroke as the decisive factors. Forensic teams recovered a melted gasoline canister from the vehicle.
Vienna police identified both suspects through surveillance footage captured at the hotel garage and the gas station where they purchased fuel canisters.
The pair crossed into Ukraine at precisely 9:07 a.m. the morning after the murder, triggering an international manhunt.
Ukrainian authorities arrested the suspects on November 29 after finding them in possession of enormous amounts of U.S. dollar bills.
Investigators believe the crypto was rapidly converted to cash following the robbery.
Austrian officials have transferred the case to Ukrainian jurisdiction, as extradition is not possible under existing agreements between the countries.
Police confirmed that Danyloβs crypto accounts were completely emptied after his murder, though authorities declined to specify the total sum stolen.
His family in Ukraine had reported him missing on November 25 after losing contact with him and discovering his digital wallets had been drained.
The wealthy student, who had been living temporarily in a luxurious apartment in Viennaβs Triiiple Tower on Landstrasseβs Danube Canal, was residing with his partner and their child at the time of his death.
Kharkiv Mayor Igor Terekhov declined to offer a detailed comment but acknowledged the tragedy, saying, βThis is a human tragedy,β while noting the loss remained a family matter for his deputy.
The murder marks Austriaβs entry into a fast-escalating pattern of violent attacks targeting cryptocurrency holders worldwide.
Security researcher Jameson Lopp has documented over 60 such βwrench attacksβ in 2025, representing a 169% surge since February and a 33% increase over all of 2024.
France leads global incidents with 14 confirmed cases, while violent robberies have been reported across Canada, the United States, and the United Kingdom this year.
β Cryptonews.com (@cryptonews) November 25, 2025
#CryptoCrime #WrenchAttackhttps://t.co/W3OLBTuACr
Last week, a British Columbia court detailed a 2024 home invasion where attackers tortured a family and stole $1.6 million in crypto after demanding 200 Bitcoin.
Similar patterns emerged in an Oxford robbery where masked assailants forced victims to transfer Β£1.1 million in crypto during a car ambush.
Analysts attribute the surge to rising crypto values, which have made holders high-value targets for criminals.
The post 21-Year-Old Burned Alive in Austria Over Crypto Assets appeared first on Cryptonews.
A crypto buyer in Trinidad was robbed of roughly $85,800 in cash during an evening ambush at a pharmacy car park, marking the latest in a fast-rising wave of global βwrench attacksβ targeting digital-asset holders.
According to a report by Trinidad and Tobago Newsday, the victim, a 52-year-old Arouca resident, drove to a SuperPharm parking lot along Trincity Central Road on November 29 to meet a man he had been trading cryptocurrency with for nearly two years.
The man, a 33-year-old from Belmont, entered the vehicle as he had done in previous transactions. The buyer then handed him a black bag containing $85,800 in cash intended for a crypto purchase.
Moments later, two armed men wearing hoodies approached both sides of the vehicle and announced a robbery. They smashed their way in, grabbed the cash and the victimsβ mobile phones, and escaped in a waiting car.
The victim later reported the incident to the Arouca Police Station. Investigators have not disclosed whether the longtime trading partner was involved or was also targeted.
The robbery occurred on the same weekend police responded to two unrelated vehicle thefts at nearby shopping centers, adding to concerns about rising property crime in the area.
A St. Joseph woman reported her Nissan B14 stolen from the One Woodbrook Place basement car park, while another woman discovered her Suzuki Vitara missing from the Trincity Mall parking lot. Police say investigations into all incidents are ongoing.
Although cash was stolen, security analysts categorize it within a growing class of physical attacks linked to digital-asset activity.
These incidents, informally referred to as βwrench attacksβ, involve criminals using violence, coercion, or kidnapping to force victims to hand over wallet credentials, sign transactions, or surrender funds.
Jameson Lopp, co-founder of security firm Casa and one of the few researchers tracking physical crypto crimes, has documented more than 60 such attacks this year, already surpassing last yearβs total by more than 30%.
β Cryptonews.com (@cryptonews) September 21, 2025
Lopp describes a 169% rise in cases since February, with France currently leading global reports at 14 confirmed incidents.
Notably, the violence attached to these crimes has escalated. Last week, a British Columbia court detailed a 2024 home invasion where a family was tied, tortured, and waterboarded as attackers demanded access to cryptocurrency.
The gang sought 200 BTC before taking $1.6 million in digital assets. One suspect, Tsz Wing Boaz Chan, later pleaded guilty and received a seven-year sentence.
In the United States, authorities are also investigating a violent robbery in San Francisco on November 24, Police have released few details and no arrests have been made.
β Cryptonews.com (@cryptonews) November 24, 2025
Similar incidents have been recorded across major cities. An Italian tourist kidnapped in New York was held for more than two weeks while captors attempted to extract his Bitcoin credentials, leading to a case that has since drawn internal scrutiny within the NYPD.
β Cryptonews.com (@cryptonews) May 30, 2025
In Chicago, six men were charged earlier this year with kidnapping residents and coercing them to transfer $15 million in crypto, with similar attacks reported worldwide.
France has seen some of the most organized efforts. Prosecutors say criminal groups have used fake delivery uniforms, pre-attack intelligence gathering, and stolen service vans to identify potential targets.
In one high-profile case earlier this year, Ledger co-founder David Balland and his wife were kidnapped for 48 hours; Balland later told investigators his finger was severed during the ordeal.
Analysts say the surge in physical crime coincides with continued strength in crypto markets, which has raised the value of private holdings and drawn criminals toward coercion rather than online hacking.
The post Armed Robbers Steal $85K in Trinidad Crypto Ambush β βWrench Attacksβ Now Strike Weekly appeared first on Cryptonews.
The Shai-Hulud 2.0 supply chain attack has proven to be one of the most persistent and destructive malware campaigns targeting the developer ecosystem. Since the incident first emerged on November 24, 2025, Wiz Research and Wiz CIRT have been tracking the active spread, which continues to evolve, even as infection rates have slowed to a [β¦]
The post Shai-Hulud 2.0 Cyberattack Compromises 30,000 Repos and Exposes 500 GitHub Accounts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Artificial intelligence isnβt just another tool in the security stack anymore β itβs changing how software is written, how vulnerabilities spread and how long attackers can sit undetected inside complex environments. Security researcher and startup founder Guy Arazi unpacks why AI has become both a powerful defensive accelerator and a force multiplier for adversaries, especially..
The post The Dual Role of AI in Cybersecurity: Shield or Weapon? appeared first on Security Boulevard.
Polish authorities have made a significant move in their cybercrime enforcement efforts by detaining a Russian national suspected of conducting unauthorized cyber attacks against local organizations. The arrest, made on November 16, 2025, marks a significant development in international cybercrime investigations and highlights Polandβs commitment to protecting critical infrastructure and businesses from digital threats. The [β¦]
The post Poland Arrests Suspected Russian Hacker Targeting Local Organizationsβ Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
The incident occurred in September, and the Japanese firm has now released its full internal investigation results.
The post Asahi Confirms Cyberattack Exposed Data of 1.5M Customers appeared first on TechRepublic.
The incident occurred in September, and the Japanese firm has now released its full internal investigation results.
The post Asahi Confirms Cyberattack Exposed Data of 1.5M Customers appeared first on TechRepublic.
The Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council, and Hammersmith and Fulham Council confirmed they were targeted in the incident that began on Monday, November 24. The attack has forced officials to shut down systems as a precautionary measure while they work to restore services and investigate potential data compromise. The first [β¦]
The post London Councils Hit by Cyberattack, Disrupts IT and Telephone Lines appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Login