A vulnerability in the extension publishing mechanism of Open VSX could have allowed attackers to tamper with any repository.
The post Vulnerability Exposed All Open VSX Repositories to Takeover appeared first on SecurityWeek.
SecurityWeek – Read More
The Citrix NetScaler vulnerability tracked as CitrixBleed 2 and CVE-2025–5777 may be exploited in the wild for initial access.
The post Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft’s ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors.
“The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious,” Trellix researchers Nico Paulo
The Hacker News – Read More
Hackers are abusing the Microsoft 365 Direct Send feature to deliver phishing emails that bypass email security controls.
The post Microsoft 365 Direct Send Abused for Phishing appeared first on SecurityWeek.
SecurityWeek – Read More
As tensions in the Middle East rise, hacktivist groups are coming out of the woodwork with their own agendas, leading to notable shifts in the hacktivist threat landscape.
darkreading – Read More
FBI tracked IntelBroker as UK’s Kai West using an email address, crypto trails, YouTube activity and forum posts after dozens of high-profile data breaches and darknet activity.
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
A British national arrested earlier this year in France was charged by the US Department of Justice in connection with a string of major cyberattacks.
darkreading – Read More
Amnesty International said it identified dozens of scam compounds in Cambodia, calling the government’s response to the nexus of cybercrime and human trafficking “grossly inadequate.”
The Record from Recorded Future News – Read More
Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry (“open-vsx[.]org”) that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk.
“This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control
The Hacker News – Read More
DHS said low-level cyberattacks targeting U.S. networks are “likely” in the wake of military conflict between the US and Israel, and Iran.
Security News | TechCrunch – Read More