InfoWorld

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.
CSO Online

Attackers exploit Ivanti EPMM zero-days to seize control of MDM servers

Palo Alto Networks’ Unit 42 says two critical flaws are being actively abused to gain unauthenticated access, deploy persistent backdoors, and compromise entire enterprise mobile fleets even after ...

North Korean Lazarus group linked to Medusa ransomware attacks

North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in ...

Wikipedia blacklists Archive.today after alleged DDoS attack

Wikipedia editors have decided to remove all links to Archive.today, a web archiving service that they said has been linked ...
SecurityWeek

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.

Fake CAPTCHA attacks exploded by 563% last year: How to spot them and stay safe online

You might not think of a CAPTCHA check as a cybercrime lure, but if you fall prey to one, you may become infected with malware. Learn how to spot them with our guide.

Critical SolarWinds Serv-U flaws offer root access to servers

SolarWinds has patched four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers.
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Chicago Sun-Times

Granddaughter of 'Charlotte's Web' author upset with use of its title in immigration crackdown

Why are we asking for donations? Why are we asking for donations? This site is free thanks to our community of supporters. Voluntary donations from readers like you keep our news accessible for ...