-
Modern development workflows increasingly rely on AI-driven coding assistants to accelerate software delivery and improve code quality. However, recent research has illuminated a potent new threat: adversaries can exploit these tools to introduce backdoors and generate harmful content without immediate detection. This vulnerability manifests through the misuse of context‐attachment features, where contaminated external data sources […] The post Threat Actors Could Misuse Code Assistant To Inject Backdoors and Generating Harmful Content appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
AI code assistants integrated into IDEs, like GitHub Copilot, offer powerful chat, auto-completion, and test-generation features. However, threat actors and careless users can exploit these capabilities to inject backdoors, leak sensitive data, and pro…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security vulnerability has been discovered in LG WebOS TV systems that allows attackers to gain complete control over affected devices by bypassing authentication mechanisms. The vulnerability, disclosed during the TyphoonPWN 2025 LG Category competi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Sekoia.io’s Threat Detection and Response (TDR) team has uncovered a sophisticated campaign by APT28 that weaponizes Signal Messenger to deploy two previously undocumented malware families—BeardShell and the Covenant framework. In early 2025, a trusted…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new supply chain attack has compromised multiple npm packages maintained by the crowdstrike-publisher account, marking a worrying continuation of the so-called “Shai-Halud attack.” Developers and organizations using these packages should take immedia…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A major data breach at American First Finance, LLC has exposed sensitive information for nearly 700,000 customers. The breach, which occurred on May 31, 2024, was discovered over a year later on June 18, 2025. An ex-employee of the financial services f…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability has been discovered in LG’s WebOS for smart TVs, allowing an attacker on the same local network to bypass authentication mechanisms and achieve full control over the device. The flaw, which affects models like the LG WebOS 43UT8050, enables unauthenticated attackers to gain root access, install malicious applications, and completely compromise the […] The post LG WebOS TV Vulnerability Let Attackers Bypass Authentication and Enable Full Device Takeover appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Late in the summer of 2025, cybersecurity researchers uncovered a sophisticated spearphishing campaign targeting Ukrainian military personnel via the Signal messaging platform. The operation, dubbed “Phantom Net Voxel,” begins with a malicious Office document sent through private Signal chats, masquerading as urgent administrative forms or compensation requests. Upon opening, the document’s embedded macros drop a […] The post New APT28 Attack Via Signal Messenger Delivers BeardShell and Covenant Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Luxury retail giant Kering has confirmed a major data breach affecting its top fashion houses, including Gucci, Balenciaga, and Alexander McQueen. The cybercriminal group known as Shiny Hunters claims to have stolen private details tied to as many as 7…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical authentication bypass vulnerability in the Case Theme User WordPress plugin has emerged as a significant security threat, allowing unauthenticated attackers to gain administrative access to websites by exploiting the social login functionality. The vulnerability, tracked as CVE-2025-5821 with a CVSS score of 9.8, affects all versions of the plugin up to 1.0.3 and […] The post WordPress Plugin Vulnerability Let Attackers Bypass Authentication via Social Login appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
