Oct 24, 2025Ravie LakshmananDevOps / Malware Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target… Read More "Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack"
Oct 23, 2025Ravie LakshmananCyber Espionage / Threat Intelligence Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as… Read More "North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets"
Oct 23, 2025Ravie LakshmananCybersecurity / Hacking News Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse trusted systems like OAuth and package registries. If your stack… Read More "$176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More"
Oct 23, 2025The Hacker NewsArtificial Intelligence / Data Protection AI is everywhere—and your company wants in. Faster products, smarter systems, fewer bottlenecks. But if you’re in security, that excitement often comes with a sinking feeling. Because while everyone else is… Read More "Secure AI at Scale and Speed — Learn the Framework in this Free Webinar"
Oct 23, 2025The Hacker NewsDevOps / Data Protection As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link. For decades, organizations have relied on static secrets,… Read More "Why Organizations Are Abandoning Static Secrets for Managed Identities"
Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud. “Jingle Thief attackers use phishing and smishing… Read More "“Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards"
Oct 23, 2025Ravie LakshmananVulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited… Read More "Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms"
Oct 23, 2025Ravie LakshmananData Breach / Vulnerability E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded… Read More "Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw"
Oct 22, 2025Ravie LakshmananVulnerability / Data Protection Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions. The vulnerability, tracked… Read More "TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution"
Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine’s war relief efforts to deliver a remote access trojan that uses a WebSocket for command-and-control (C2). The activity, which took place on October… Read More "Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files"
