Weekly Recap: IoT Exploits, Wallet Breaches, Rogue Extensions, AI Abuse & More – CVE-2025-68668 (CVSS 9.9)

Key Takeaways:

  • Critical sandbox bypass vulnerability identified in n8n automation platform (CVE-2025-68668) with a near-perfect CVSS score of 9.9.
  • The RondoDox botnet is aggressively exploiting React and Next.js vulnerabilities across tens of thousands of global instances.
  • Supply chain failures in Trust Wallet lead to multi-million dollar thefts via rogue browser extensions.
  • Chinese threat group DarkSpectre has compromised nearly 9 million users through a sophisticated seven-year browser malware operation.
  • AI-automated phishing campaigns are seeing a 4.5x increase in click-through rates compared to traditional methods.

Weekly Recap Overview

The first week of 2026 has been characterized by the persistence of established attack vectors and the emergence of critical vulnerabilities in automation platforms. The cybersecurity landscape remains pressured by a combination of sophisticated supply chain compromises, widespread browser extension malware, and the continued refinement of botnet operations targeting Internet of Things (IoT) infrastructure. A primary focus this week is CVE-2025-68668 (CVSS 9.9), a critical sandbox bypass vulnerability in the n8n workflow automation platform that allows authenticated users to execute system commands.

PurpleOps continues to monitor these developments to provide technical insights and defensive strategies for organizations navigating these risks. This recap synthesizes the most significant events, ranging from state-sponsored campaigns in Asia to the evolving monetization strategies of ransomware collectives.

Analyzing CVE-2025-68668 (CVSS 9.9): Sandbox Bypass in n8n

A critical protection mechanism failure has been identified in n8n, an open-source workflow automation platform. Tracked as CVE-2025-68668, the vulnerability has received a CVSS score of 9.9. It enables an authenticated attacker with permissions to modify or create workflows to bypass the intended sandbox and execute arbitrary operating system commands on the host.

The flaw specifically affects the Python Code Node that utilizes Pyodide. Under normal operations, the Python execution environment is intended to be isolated from the host system. However, researchers discovered a method to escape this isolation, allowing commands to run with the same privileges as the n8n process itself.

This vulnerability impacts n8n versions from 1.0.0 through 1.99.x. The issue was addressed in version 2.0.0, which transitioned the native Python implementation to a task runner-based architecture by default. For organizations unable to immediately upgrade, temporary mitigations include disabling the Code Node entirely by setting the NODES_EXCLUDE environment variable or manually configuring the task runner-based Python sandbox.
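
An exposure check built from the details above, added here as an example and not n8n's or PurpleOps's own code: it flags 1.x installs, checks whether NODES_EXCLUDE removes the Code Node, and lists Python Code nodes in exported workflows. The node type name `n8n-nodes-base.code`, the JSON-array format of NODES_EXCLUDE, and the `parameters.language` field are assumptions about n8n's configuration and export format; the sample workflow is constructed.

```python
import json
import re

CODE_NODE = "n8n-nodes-base.code"  # assumed type name of the n8n Code node

def is_affected(version: str) -> bool:
    """Every 1.x release counts as affected, since the fix ships in 2.0.0."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unparseable n8n version: {version!r}")
    return int(m.group(1)) == 1

def code_node_excluded(env: dict) -> bool:
    """NODES_EXCLUDE is assumed to hold a JSON array of node type names."""
    raw = env.get("NODES_EXCLUDE", "")
    try:
        excluded = json.loads(raw) if raw else []
    except json.JSONDecodeError:
        return False  # malformed value: treat the mitigation as absent
    return isinstance(excluded, list) and CODE_NODE in excluded

def python_code_nodes(workflow: dict) -> list:
    """Names of Code nodes set to Python in an exported workflow (assumed schema)."""
    return [n.get("name", "?") for n in workflow.get("nodes", [])
            if n.get("type") == CODE_NODE
            and n.get("parameters", {}).get("language") == "python"]

def assess(version: str, env: dict, workflows: list) -> dict:
    """Combine version, mitigation state and Python Code node inventory."""
    found = {w.get("name", "?"): python_code_nodes(w) for w in workflows}
    found = {name: nodes for name, nodes in found.items() if nodes}
    if not is_affected(version):
        status = "not affected"
    elif code_node_excluded(env):
        status = "mitigated"
    else:
        status = "exposed"
    return {"status": status, "python_code_nodes": found}

# Constructed sample export: one Python Code node, one JavaScript Code node.
SAMPLE = [{"name": "nightly-report", "nodes": [
    {"name": "Parse CSV", "type": CODE_NODE, "parameters": {"language": "python"}},
    {"name": "Format", "type": CODE_NODE, "parameters": {"language": "javaScript"}},
    {"name": "Send", "type": "n8n-nodes-base.emailSend", "parameters": {}}]}]

if __name__ == "__main__":
    print(assess("1.98.2", {}, SAMPLE))
    print(assess("1.98.2", {"NODES_EXCLUDE": '["n8n-nodes-base.code"]'}, SAMPLE))
    print(assess("2.0.0", {}, SAMPLE))
```

The inventory of Python Code nodes is reported even when the install is mitigated, because excluding the Code Node stops those workflows from running and their owners need to know before the change.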

The RondoDox Botnet and IoT Exploitation

The RondoDox botnet has maintained a persistent nine-month campaign targeting IoT devices and web applications. As of late 2025, the botnet began leveraging CVE-2025-55182 (React2Shell), a remote code execution (RCE) flaw in React Server Components and Next.js.

The scale of this exploitation is significant. Data from the Shadowserver Foundation indicates that over 84,000 instances remain susceptible to this vulnerability. The geographic distribution is heavily concentrated in the United States (66,200), followed by Germany, France, and India. The RondoDox campaign illustrates how threat actors quickly integrate newly disclosed vulnerabilities into automated scanning frameworks.

Trust Wallet and the Shai-Hulud Supply Chain Attack

In the financial sector, Trust Wallet confirmed that a supply chain attack, designated as Shai-Hulud, resulted in the theft of approximately $8.5 million. The breach was facilitated by the exposure of developer GitHub secrets, which granted the attacker access to the browser extension source code and the Chrome Web Store (CWS) API key.

By obtaining full CWS API access, the threat actor bypassed the standard release process and published malicious builds directly to users.

The malicious extension was designed to exfiltrate mnemonic phrases to an attacker-controlled domain. This event emphasizes the critical need for supply-chain risk monitoring and brand leak alerting to detect exposed credentials before they are utilized in production environments.

DarkSpectre: A Massive Browser Extension Malware Operation

A Chinese threat group identified as DarkSpectre has been linked to an extensive malware operation affecting 8.8 million users over seven years. The group operates multiple clusters:

  • ShadyPanda: Responsible for 5.6 million infections, focusing on user surveillance and e-commerce affiliate fraud.
  • GhostPoster: Affects over one million users on Firefox and Opera. Uses steganography to hide malicious payloads within PNG images.
  • The Zoom Stealer: Impacts 2.2 million users and is primarily used for corporate espionage.

The DarkSpectre operation highlights the maturation of browser-based threats. Organizations should consider integrating a dark web monitoring service to identify whether internal credentials or browser data from their employees appear in underground markets.

State-Sponsored Activity: Mustang Panda and Silver Fox

Chinese threat actors have also been active in targeted regional campaigns. The group known as Silver Fox has focused on India, using phishing lures themed around income tax to distribute ValleyRAT (also known as Winos 4.0). ValleyRAT uses a plugin-oriented architecture, allowing operators to deploy modular capabilities for keylogging and credential harvesting.

Concurrently, the Mustang Panda (HoneyMyte) group was observed using an undocumented kernel-mode rootkit driver to deliver the TONESHELL backdoor. These campaigns rely on sophisticated evasion techniques that necessitate advanced cyber threat intelligence platform capabilities to map infrastructure and TTPs.

The Intersection of AI and Identity Security

The integration of Artificial Intelligence (AI) into the enterprise has introduced new security challenges. OpenAI recently acknowledged that prompt injection attacks in browser agents are unlikely to be fully solved. These attacks involve concealing malicious instructions within web content to override the AI agent’s guardrails.

Microsoft has reported that adversaries are using AI to increase the effectiveness of phishing campaigns. AI-automated phishing emails have shown a 54% click-through rate, a significant increase over the 12% rate associated with standard attempts.

Ransomware Evolution: From Extortion to Data Auctions

Ransomware operations are shifting toward a more structured, profit-driven model. Beyond traditional encryption, actors are now monetizing stolen data through auctions, selling information to the highest bidder. This evolution reflects a professionalization of the underground economy.

Accessing real-time ransomware intelligence can help organizations understand the current market value of their data. As breaches become bidding wars, the focus of defense must shift toward preventing data exfiltration and maintaining robust underground forum intelligence.

Messaging App Security: The Handala Breaches

The pro-Iranian group Handala successfully breached the Telegram accounts of high-ranking Israeli officials. The attack vectors identified include social engineering, spear phishing, and the exfiltration of Telegram Desktop session files (tdata). This incident highlights that even “secure” messaging apps are vulnerable if session management and Multi-Factor Authentication (MFA) are not strictly enforced.

Practical Takeaways for Organizations

Technical Takeaways:

  • Audit Automation Platforms: For users of n8n, immediate upgrade to version 2.0.0 is required to address CVE-2025-68668.
  • Secrets Management: Implement strict rotation policies for GitHub secrets and API keys.
  • Endpoint Hygiene: Conduct audits of installed browser extensions across the enterprise and remove unverified publishers.
  • Session Security: Enforce MFA and protect session files (like Telegram’s tdata) from unauthorized exfiltration.

Non-Technical Takeaways:

  • Phishing Awareness: Update training to include AI-generated content and tax-themed lures.
  • Vendor Due Diligence: Evaluate how third-party SaaS providers handle code execution and data isolation.
  • Response Planning: Prepare specifically for data auction scenarios in the event of a breach.

How PurpleOps Addresses These Threats

PurpleOps provides the infrastructure and expertise necessary to defend against the diverse range of threats identified in this recap.

Conclusion

The incidents of early 2026 demonstrate that threat actors are successfully exploiting the complexity of modern digital environments. Success in this environment depends on moving beyond reactive patching toward a proactive security model. By understanding patterns of exploitation, organizations can implement more effective controls.

For a detailed evaluation of your current security posture, explore our platform or view our full range of services. Contact PurpleOps today to strengthen your defenses against the current threat landscape.

FAQ

What is the primary risk of CVE-2025-68668 in n8n?
It allows authenticated users to bypass the Python sandbox and execute arbitrary system commands on the host machine, potentially leading to a full system compromise.

How did the Trust Wallet supply chain attack occur?
The Shai-Hulud attack occurred because developer GitHub secrets and Chrome Web Store API keys were exposed, allowing attackers to push malicious updates directly to users.

What makes the DarkSpectre malware operation unique?
It has operated for over seven years and affected nearly 9 million users. Its GhostPoster cluster uses steganography to hide malicious code inside PNG images, allowing it to remain undetected by traditional antivirus software.

Are AI-generated phishing emails really more effective?
Yes, data shows a click-through rate of 54% for AI-automated phishing, which is more than four times higher than the 12% rate seen in standard phishing attempts.