Malicious VSCode extensions with 229M installs found on Microsoft marketplace
A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to “infect” over 100 organizations by trojanizing a copy…
Category: Bleeping Computer
New York Times source code stolen using exposed GitHub token
Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company’s GitHub repositories…
DDoS attacks target EU political parties as elections begin
Hacktivists are conducting DDoS attacks on European political parties that represent and promote strategies opposing their interests, according to a report by Cloudflare. The European…
LastPass says 12-hour outage caused by bad Chrome extension update
LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension. Starting at around 1 PM ET yesterday,…
Apple to unveil new ‘Passwords’ password manager app for iPhones, Macs
Apple will reportedly unveil a standalone password manager named ‘Passwords’ as part of iOS 18, iPadOS 18, and macOS 15 during the upcoming Apple Worldwide Developers Conference.…
Christie’s starts notifying clients of RansomHub data breach
British auction house Christie’s is notifying individuals whose data was stolen by the RansomHub ransomware gang in a recent network breach. Christie’s discovered that it…
Frontier warns 750,000 of a data breach after extortion threats
Frontier Communications is warning 750,000 customers that there information was exposed in a data breach after an April cyberattack claimed by the RansomHub ransomware operation.…
Microsoft makes Windows Recall opt-in, secures data with Windows Hello
Following massive customer pushback after it announced the new AI-powered Recall for Copilot+ PCs last month, Microsoft says it will update the feature to be…
Ukraine says hackers abuse SyncThing tool to steal data
The Computer Emergency Response Team of Ukraine (CERT-UA) reports about a new campaign dubbed “SickSync,” launched by the UAC-0020 (Vermin) hacking group in attacks on…
PHP fixes critical RCE flaw impacting all versions for Windows
A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers…
Los Angeles Unified School District investigates data theft claims
Los Angeles Unified School District (LAUSD) officials are investigating a threat actor’s claims that they’re selling stolen databases containing records belonging to millions of students…
Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shells
Image: Midjourney Chinese threat actors are targeting ThinkPHP applications vulnerable to CVE-2018-20062 and CVE-2019-9082 to install a persistent web shell named Dama. The web shell enables…