Tag: marketplace
-
Vibe-codierte Ransomware auf Microsoft Marketplace entdeckt
Tags: access, ai, control, github, infrastructure, malware, marketplace, microsoft, ransomware, tool, vulnerabilityForscher haben eine Visual- Studio- Code-Erweiterung mit Ransomware-Funktionen entdeckt.Der Sicherheitsspezialist Secure Annex stellte kürzlich fest, dass eine Schadsoftware namens ‘Ransomvibe” in Erweiterungen für den Quellcode-Editor Visual Studio Code eingebettet wurde. ‘Sobald die Erweiterung aktiviert ist, wird zunächst die Funktion zipUploadAndEcnrypt ausgeführt. Diese Funktion wendet alle für Ransomware und Erpressungssoftware typischen Techniken an”, heißt es im…
-
GlassWorm malware returns on OpenVSX with 3 new VSCode extensions
The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over 10,000 times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/glassworm-malware-returns-on-openvsx-with-3-new-vscode-extensions/
-
Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace
Tags: access, ai, control, credentials, data, data-breach, github, infrastructure, malicious, malware, marketplace, microsoft, ransomware, toolExtension pointed to a GitHub-based C2: Ransomvibe deployed a rather unusual GitHub-based command-and-control (C2) infrastructure, instead of relying on traditional C2 servers. The extension used a private GitHub repository to receive and execute commands. It routinely checked for new commits in a file named “index.html”, executed the embedded commands, and then wrote the output back…
-
Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace
Tags: access, ai, control, credentials, data, data-breach, github, infrastructure, malicious, malware, marketplace, microsoft, ransomware, toolExtension pointed to a GitHub-based C2: Ransomvibe deployed a rather unusual GitHub-based command-and-control (C2) infrastructure, instead of relying on traditional C2 servers. The extension used a private GitHub repository to receive and execute commands. It routinely checked for new commits in a file named “index.html”, executed the embedded commands, and then wrote the output back…
-
Vibe Coding: Schrott-Ransomware in VS-Code-Marketplace aufgetaucht
Microsoft ist offenbar nicht sehr darum bemüht, Ransomware aus dem VS-Code-Marketplace zu halten. Zumindest, solange sie schlecht programmiert ist. First seen on golem.de Jump to article: www.golem.de/news/vibe-coding-schrott-ransomware-in-vs-code-marketplace-aufgetaucht-2511-201957.html
-
Claude Desktop Hit by Critical RCE Flaws Allowing Remote Code Execution
Security researchers have uncovered severe remote code execution vulnerabilities in three official Claude Desktop extensions developed and published by Anthropic. The Chrome, iMessage, and Apple Notes connectors, which collectively boast over 350,000 downloads and occupy prominent positions in Claude Desktop’s extension marketplace, all contained the same critical security flaw: unsanitized command injection. The vulnerabilities, confirmed…
-
AI-Slop ransomware test sneaks on to VS Code marketplace
A malicious extension with basic ransomware capabilities seemingly created with the help of AI, has been published on Microsoft’s official VS Code marketplace. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-slop-ransomware-test-sneaks-on-to-vs-code-marketplace/
-
Beware: 239 Dangerous Android Apps Found on Google Play with 40M+ Installs
Tags: android, cyber, cybersecurity, google, infrastructure, iot, malicious, marketplace, mobile, threatCybersecurity threats targeting mobile devices and critical infrastructure have reached alarming new heights, according to Zscaler’s latest research. The latest findings from Zscaler, Inc. (NASDAQ: ZS) expose a sophisticated campaign by threat actors who have successfully infiltrated Google’s official app marketplace with hundreds of malicious applications. The company’s ThreatLabz 2025 Mobile, IoT, and OT Threat…
-
Beware: 239 Dangerous Android Apps Found on Google Play with 40M+ Installs
Tags: android, cyber, cybersecurity, google, infrastructure, iot, malicious, marketplace, mobile, threatCybersecurity threats targeting mobile devices and critical infrastructure have reached alarming new heights, according to Zscaler’s latest research. The latest findings from Zscaler, Inc. (NASDAQ: ZS) expose a sophisticated campaign by threat actors who have successfully infiltrated Google’s official app marketplace with hundreds of malicious applications. The company’s ThreatLabz 2025 Mobile, IoT, and OT Threat…
-
Beware: 239 Dangerous Android Apps Found on Google Play with 40M+ Installs
Tags: android, cyber, cybersecurity, google, infrastructure, iot, malicious, marketplace, mobile, threatCybersecurity threats targeting mobile devices and critical infrastructure have reached alarming new heights, according to Zscaler’s latest research. The latest findings from Zscaler, Inc. (NASDAQ: ZS) expose a sophisticated campaign by threat actors who have successfully infiltrated Google’s official app marketplace with hundreds of malicious applications. The company’s ThreatLabz 2025 Mobile, IoT, and OT Threat…
-
Beware: 239 Dangerous Android Apps Found on Google Play with 40M+ Installs
Tags: android, cyber, cybersecurity, google, infrastructure, iot, malicious, marketplace, mobile, threatCybersecurity threats targeting mobile devices and critical infrastructure have reached alarming new heights, according to Zscaler’s latest research. The latest findings from Zscaler, Inc. (NASDAQ: ZS) expose a sophisticated campaign by threat actors who have successfully infiltrated Google’s official app marketplace with hundreds of malicious applications. The company’s ThreatLabz 2025 Mobile, IoT, and OT Threat…
-
10 Successful Marketplaces Built on Sharetribe: Lessons Learned
The marketplace revolution is here, and it’s transforming how we buy, sell, and share everything from vintage furniture… First seen on hackread.com Jump to article: hackread.com/marketplaces-built-on-sharetribe/
-
10 Successful Marketplaces Built on Sharetribe: Lessons Learned
The marketplace revolution is here, and it’s transforming how we buy, sell, and share everything from vintage furniture… First seen on hackread.com Jump to article: hackread.com/marketplaces-built-on-sharetribe/
-
Digitale Souveränität und Sicherheit im Einklang
Der Security-Anbieter Airlock, der unter dem Dach der Schweizer Ergon Informatik agiert, ist neuer Circle-Partner der Open Telekom Cloud und auf dem Open-Telekom-Marketplace vertreten. Ziel der Kooperation ist es, die digitale Souveränität in Europa nachhaltig zu stärken und Unternehmen eine leistungsstarke und gleichzeitig hochsichere, DSGVO-konforme Cloud-Infrastruktur bereitzustellen. Open-Telekom-Cloud-Kunden erhalten künftig direkten Zugang zur modularen Airlock-Plattform…
-
Digitale Souveränität und Sicherheit im Einklang
Der Security-Anbieter Airlock, der unter dem Dach der Schweizer Ergon Informatik agiert, ist neuer Circle-Partner der Open Telekom Cloud und auf dem Open-Telekom-Marketplace vertreten. Ziel der Kooperation ist es, die digitale Souveränität in Europa nachhaltig zu stärken und Unternehmen eine leistungsstarke und gleichzeitig hochsichere, DSGVO-konforme Cloud-Infrastruktur bereitzustellen. Open-Telekom-Cloud-Kunden erhalten künftig direkten Zugang zur modularen Airlock-Plattform…
-
Digitale Souveränität und Sicherheit im Einklang
Der Security-Anbieter Airlock, der unter dem Dach der Schweizer Ergon Informatik agiert, ist neuer Circle-Partner der Open Telekom Cloud und auf dem Open-Telekom-Marketplace vertreten. Ziel der Kooperation ist es, die digitale Souveränität in Europa nachhaltig zu stärken und Unternehmen eine leistungsstarke und gleichzeitig hochsichere, DSGVO-konforme Cloud-Infrastruktur bereitzustellen. Open-Telekom-Cloud-Kunden erhalten künftig direkten Zugang zur modularen Airlock-Plattform…
-
Digitale Souveränität und Sicherheit im Einklang
Der Security-Anbieter Airlock, der unter dem Dach der Schweizer Ergon Informatik agiert, ist neuer Circle-Partner der Open Telekom Cloud und auf dem Open-Telekom-Marketplace vertreten. Ziel der Kooperation ist es, die digitale Souveränität in Europa nachhaltig zu stärken und Unternehmen eine leistungsstarke und gleichzeitig hochsichere, DSGVO-konforme Cloud-Infrastruktur bereitzustellen. Open-Telekom-Cloud-Kunden erhalten künftig direkten Zugang zur modularen Airlock-Plattform…
-
‘SleepyDuck’ Malware in Open VSX Lets Attackers Remotely Control Windows PCs
Security researchers have identified a dangerous remote access trojan called SleepyDuck lurking in the Open VSX IDE extension marketplace, targeting developers who use code editors like Cursor and Windsurf. The malicious extension masqueraded as a legitimate Solidity programming language helper, squatting on the name of an established extension to evade detection. The compromised extension juan-bianco.solidity-vlang…
-
Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery
Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace.The action comes following a report from cloud security company Wiz earlier this month, which found several extensions from both Microsoft’s…
-
New Atroposia RAT Uses Hidden Remote Desktop, Vulnerability Scanning and Advanced Persistence
Tags: access, credentials, cyber, cyberattack, cybercrime, malware, marketplace, network, rat, theft, vulnerabilityA sophisticated new remote access trojan called Atroposia has emerged in underground cybercrime marketplaces, offering attackers a comprehensive toolkit for hidden remote desktop access, credential theft, and network manipulation at an accessible price point. Security researchers at Varonis recently discovered the malware being promoted on underground forums, highlighting how advanced cyberattack capabilities are increasingly packaged…
-
Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack
Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks.The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps space…
-
Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack
Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks.The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps space…
-
Prosper Marketplace Data Breach Expands: 17.6 Million Users Impacted in Database Intrusion
In a significant development in one of the year’s largest fintech breaches, new reports released today confirm that Prosper Marketplace, the San Franciscobased peer-to-peer lending platform, suffered a data compromise affecting roughly 17.6 million people. The updated figure, first published by TechRadar and Tom’s Guide, sheds light on the scale of the incident and reveals……
-
AI browsers can be abused by malicious AI sidebar extensions: Report
‘Dumpster fires’: David Shipley, head of Canadian employee security awareness training firm Beauceron Security, agrees.”I think if CISOs are bored and want to spice up their lives with an incident, they should roll out these AI-powered hot messes to their users,” he said .”But, if they’re like most CISOs and they have lots of problems,…
-
GlassWorm Malware Targets Developers Through OpenVSX Marketplace
GlassWorm, a self-propagating malware, infects VS Code extensions through the OpenVSX marketplace, stealing credentials and using blockchain for control. First seen on hackread.com Jump to article: hackread.com/glassworm-malware-developers-openvsx-marketplace/