Malicious VSCode Marketplace extensions hid trojan in fake PNG file
A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with malware hidden inside dependency folders. The malicious…
Latest Cybersecurity News — Page 798
View all →
Warnings Mount in Congress Over Expanded US Wiretap Powers
“The commercial landlords of the buildings where tens of millions of Americans go to work every day can be forced to assist the government with…
ValleyRAT Malware Evades Windows 11 Security with Stealthy Driver Install
Check Point Research (CPR) has published a comprehensive analysis of ValleyRAT, a widely distributed backdoor also known as Winos/Winos4.0, revealing its sophisticated modular architecture and…
Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks
Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet’s CentreStack and Triofox products for secure remote file access…
Charming Kitten Leak Reveals Key Operatives, Front Firms, and Massive Global Compromise
The latest materials from the Charming Kitten network access reveal three significant findings that expand our understanding of Iran’s APT35 cyber operations: complete salary records…
Critical Gogs zero-day under attack, 700 servers hacked
Critical Gogs zero-day under attack, 700 servers hacked Pierluigi Paganini December 11, 2025 Hackers exploited an unpatched Gogs zero-day, allowing remote code execution and compromising…
Notepad++ fixes flaw that let attackers push malicious update files
Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater…
Hackers Are Using Shared AI Chats to Steal Your Passwords and Crypto
A sophisticated malvertising campaign is exploiting ChatGPT and DeepSeek’s shared chat features to deliver credential-stealing malware to macOS users. Threat actors are purchasing sponsored Google…
NBN Co puts a longer predictive lens on its digital twin ambitions
NBN Co is hoping that its latest foray into digital twin technology will enable it to predict network performance and customer experience, building on six…
GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration
GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration Pierluigi Paganini December 11, 2025 Google fixed GeminiJack, a zero-click Gemini Enterprise flaw that could…
Warrant requirements, Democratic worries could factor into spy law renewal debate
A fresh effort is mounting in Congress to require federal agents to obtain a warrant before searching a government surveillance database for information about U.S.…
New “SOAPwn” .NET Flaws Expose Barracuda, Ivanti, and Microsoft
Security researchers have unveiled a critical series of vulnerabilities in the .NET Framework’s HTTP client proxy architecture, dubbed “SOAPwn,” that enables remote code execution across…