Threat-Hunting

Hands-on incident response guidance to find, validate, and remove weaponized Chromium extensions (Clean Master/WeTab families) that check...

IR playbook: hunting and evicting the “Sleeper” Chrome/Edge extensions (ShadyPanda, ~4.3M installs)

4n6 Beat
4 min read

Koi and Malwarebytes disclosed a long-running extension operation (“ShadyPanda”) in which multiple Chrome/Edge add-ons accumulated trust for years and then flipped to spyware and remote code execution (RCE), driven by hourly command tasks. The operators reached ~4.3M installs across phases; one cluster polls api.extensionplay[.]com hourly to fetch and execute arbitrary JavaScript, and another (e.g., WeTab) streams browsing data in real time. Google removed the affected Chrome Web Store items; at disclosure time some Microsoft Edge Add-ons remained available. Treat this as a browser-level backdoor that bypasses traditional endpoint controls and exposes SaaS sessions and cookies. (Koi, Malwarebytes, BleepingComputer, SecurityWeek, The Register).

Hands-on guide for DFIR teams to safely adopt YARA-X 1.10.0’s new automatic warning fixer, with installation notes, usage patterns, valid...

YARA-X 1.10.0: Using “yr fix warnings” to auto-correct brittle rules

4n6 Beat
4 min read

YARA-X 1.10.0 adds a new subcommand that can automatically apply suggested fixes for certain compiler warnings. The command is invoked as yr fix warnings, and one common transformation replaces ambiguous 0 of (...) conditions with explicit none of (...). The tool edits your rule files in place, so use version control or work on copies first. (github.com)

Overview

YARA-X is a Rust rewrite of YARA with a modern CLI named yr. It targets high compatibility with existing rules while improving performance, safety, and developer ergonomics. (github.com)