VSCode extensions found downloading early-stage ransomware
Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft's review…
Western Alliance Bank notifies 21,899 customers of data breach
Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor's…
ClickFix: How to Infect Your PC in Three Easy Steps
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed…
ClickFix attack delivers infostealers, RATs in fake Booking.com emails
Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers…
Lazarus hacked Bybit via breached Safe{Wallet} developer machine
Forensic investigators have found that North Korean Lazarus hackers stole $1.5 billion from Bybit after hacking a developer's device at…
Magecart Attackers Abuse Google Ad Tool to Steal Data
Attackers are smuggling payment card-skimming malicious code into checkout pages on Magento-based e-commerce sites by abusing the Google Tag Manager…
Brave now lets you inject custom JavaScript to tweak websites
Brave Browser is getting a new feature called 'custom scriptlets' that lets advanced users inject their own JavaScript into websites,…
Can Your Security Measures Be Turned Against You?
Throughout history, the concept of defeating an opponent’s defenses has been central to warfare strategies. From ancient sieges using tunnels…
Microsoft Edge update adds AI-powered Scareware Blocker
Microsoft Edge 133 is now rolling out globally, and it ships with several improvements, including a new scareware blocker feature.…
Abandoned AWS Cloud Storage: A Major Cyberattack Vector
New research highlights how bad actors could abuse deleted AWS S3 buckets to create all sorts of mayhem, including a…