Tag: malicious
-
ShadyPanda’s Years-Long Browser Hack Infected 4.3 Million Users
A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, infecting 4.3 million Chrome and Edge users with RCE malware and spyware. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/shadypandas-years-long-browser-hack-infected-4-3-million-users/
-
ShadyPanda’s Years-Long Browser Hack Infected 4.3 Million Users
A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, infecting 4.3 million Chrome and Edge users with RCE malware and spyware. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/shadypandas-years-long-browser-hack-infected-4-3-million-users/
-
PickleScan Uncovers 0-Day Vulnerabilities Allowing Arbitrary Code Execution via Malicious PyTorch Models
JFrog Security Research has uncovered three critical zero-day vulnerabilities in PickleScan, a widely-adopted industry-standard tool for scanning machine learning models and detecting malicious content. These vulnerabilities would enable attackers to completely bypass PickleScan’s malware detection mechanisms, potentially facilitating large-scale supply chain attacks by distributing malicious ML models containing undetectable code. The discoveries underscore a fundamental…
-
Vim for Windows Flaw Lets Attackers Execute Arbitrary Code
A high security vulnerability has been discovered in Vim for Windows that could allow attackers to run malicious code on affected systems. The flaw, tracked as CVE-2025-66476, affects Vim versions earlier than 9.1.1947 and received a high severity rating due to its serious implications for Windows users. Attribute Details CVE ID CVE-2025-66476 Product Vim for…
-
Vim for Windows Flaw Lets Attackers Execute Arbitrary Code
A high security vulnerability has been discovered in Vim for Windows that could allow attackers to run malicious code on affected systems. The flaw, tracked as CVE-2025-66476, affects Vim versions earlier than 9.1.1947 and received a high severity rating due to its serious implications for Windows users. Attribute Details CVE ID CVE-2025-66476 Product Vim for…
-
Vim for Windows Flaw Lets Attackers Execute Arbitrary Code
A high security vulnerability has been discovered in Vim for Windows that could allow attackers to run malicious code on affected systems. The flaw, tracked as CVE-2025-66476, affects Vim versions earlier than 9.1.1947 and received a high severity rating due to its serious implications for Windows users. Attribute Details CVE ID CVE-2025-66476 Product Vim for…
-
Microsoft Silently Fixes 8-Year Windows Security Flaw
The flaw, tracked as CVE-2025-9491, allowed cybercriminals to hide malicious commands from users inspecting files through Windows’ standard interface. The post Microsoft Silently Fixes 8-Year Windows Security Flaw appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-fixes-security-flaw/
-
Malicious VSCode Extension Deploys Anivia Loader and OctoRAT
In late November 2025, a sophisticated supply-chain attack leveraging the Visual Studio Code extension ecosystem came to light, demonstrating how threat actors are increasingly targeting developer tools to gain persistent access to high-value systems. On November 21, a malicious extension masquerading as the popular Prettier code formatter appeared briefly on the official VSCode Marketplace before…
-
Hackers Actively Exploit New Windows LNK 0-Day Vulnerability
A newly discovered security flaw in Windows shortcut files is being actively used by hackers to target diplomatic organisations. The vulnerability allows attackers to conceal malicious commands within shortcut files (.lnk), making them invisible to users. The Discovery and Initial Rejection The issue was first highlighted in March 2025 by researchers at Trend Micro. They…
-
Admins and defenders gird themselves against maximum-severity server vuln
Open source React executes malicious code with malformed HTML”, no authentication needed. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/12/admins-and-defenders-gird-themselves-against-maximum-severity-server-vulnerability/
-
RCE flaw in OpenAI’s Codex CLI highlights new risks to dev environments
Tags: access, ai, api, attack, automation, backdoor, cloud, exploit, flaw, google, malicious, open-source, openai, rce, remote-code-execution, risk, service, tool, vulnerabilityMultiple attack vectors: For this flaw to be exploited, the victim needs to clone the repository and run Codex on it and an attacker needs to have commit access to the repo or have their malicious pull request accepted.”Compromised templates, starter repos, or popular open-source projects can weaponize many downstream consumers with a single commit,”…
-
‘ShadyPanda’ Hackers Weaponize Millions of Browsers
The China-based cyber-threat group has been quietly using malicious extensions on the Google Chrome and Microsoft Edge marketplaces to spy on millions of users. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/shadypanda-hackers-weaponize-browsers
-
Admins and defenders gird themselves against maximum-severity server vulnerability
Open source React executes malicious code with malformed HTML”, no authentication needed. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/12/admins-and-defenders-gird-themselves-against-maximum-severity-server-vulnerability/
-
Newly discovered malicious extensions could be lurking in enterprise browsers
Tags: attack, browser, chrome, data, detection, exploit, google, malicious, marketplace, microsoft, technology, tool, update, vulnerabilityShadyPanda played the long game, with extensions including the popular Clean Master utility with 200,000 installs distributed as completely legitimate tools early on, earning them positive user ratings and, in some cases, trust signals such as “Featured” or “Verified” badges in the Chrome Web Store and Microsoft Edge Add-ons store. No review after submission: This…
-
Newly discovered malicious extensions could be lurking in enterprise browsers
Tags: attack, browser, chrome, data, detection, exploit, google, malicious, marketplace, microsoft, technology, tool, update, vulnerabilityShadyPanda played the long game, with extensions including the popular Clean Master utility with 200,000 installs distributed as completely legitimate tools early on, earning them positive user ratings and, in some cases, trust signals such as “Featured” or “Verified” badges in the Chrome Web Store and Microsoft Edge Add-ons store. No review after submission: This…
-
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
-
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
-
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
-
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
-
Early Indicators of Insider Threats Through Authentication and Access Controls
Security researchers at Nisos have identified a critical gap in insider threat detection: organizations often fail to correlate early behavioral anomalies with external intelligence sources, leaving meaningful warning signs buried beneath operational noise until incidents escalate into confirmed breaches. Most insider threats do not announce themselves with apparent malicious activity. Instead, security teams encounter subtle…
-
Early Indicators of Insider Threats Through Authentication and Access Controls
Security researchers at Nisos have identified a critical gap in insider threat detection: organizations often fail to correlate early behavioral anomalies with external intelligence sources, leaving meaningful warning signs buried beneath operational noise until incidents escalate into confirmed breaches. Most insider threats do not announce themselves with apparent malicious activity. Instead, security teams encounter subtle…
-
Early Indicators of Insider Threats Through Authentication and Access Controls
Security researchers at Nisos have identified a critical gap in insider threat detection: organizations often fail to correlate early behavioral anomalies with external intelligence sources, leaving meaningful warning signs buried beneath operational noise until incidents escalate into confirmed breaches. Most insider threats do not announce themselves with apparent malicious activity. Instead, security teams encounter subtle…
-
DPRK’s ‘Contagious Interview’ Spawns Malicious Npm Package Factory
North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/contagious-interview-malicious-npm-package-factory
-
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue.GlassWorm was first documented in October 2025, detailing its use of the Solana blockchain for command-and-control (C2) and…
-
DPRK’s ‘Contagious Interview’ Spawns Malicious Npm Package Factory
North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/contagious-interview-malicious-npm-package-factory
-
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners.The package in question is eslint-plugin-unicorn-ts-2, which masquerades as a TypeScript extension of the popular ESLint plugin. It was uploaded to the registry by a user named “hamburgerisland” in February 2024. The package has been downloaded First seen…
-
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue.GlassWorm was first documented in October 2025, detailing its use of the Solana blockchain for command-and-control (C2) and…
-
Glassworm Malware Targets OpenVSX and Microsoft Visual Studio with 24 New Malicious Packages
Security threats rarely adhere to holiday schedules, and while developers may take time off, malicious actors are working overtime. A significant new wave of software supply chain attacks has been identified targeting the Microsoft Visual Studio Marketplace and OpenVSX platforms. Researchers at Secure Annex have uncovered and tracked 24 new malicious packages linked to the…
-
Glassworm Malware Targets OpenVSX and Microsoft Visual Studio with 24 New Malicious Packages
Security threats rarely adhere to holiday schedules, and while developers may take time off, malicious actors are working overtime. A significant new wave of software supply chain attacks has been identified targeting the Microsoft Visual Studio Marketplace and OpenVSX platforms. Researchers at Secure Annex have uncovered and tracked 24 new malicious packages linked to the…
-
Glassworm malware returns in third wave of malicious VS Code packages
The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/glassworm-malware-returns-in-third-wave-of-malicious-vs-code-packages/