-
A recent discovery has shaken the Visual Studio Code (VSCode) ecosystem, unveiling a sophisticated supply chain attack targeting developers worldwide. At least a dozen malicious extensions were identified in the official VSCode Marketplace, with four remaining active as of the time of reporting. These plugins, some disguised as legitimate productivity tools, infiltrated developer environments, laying […] The post 12 Malicious Extension in VSCode Marketplace Steal Source Code and Exfiltrate Login Credentials appeared first on Cyber Security News.
-
The Jenkins project released Security Advisory 2025-10-29 on October 28, 2025, disclosing multiple vulnerabilities across 13 plugins that power the popular open-source automation server. These flaws range from high-severity authentication bypasses to permission misconfigurations and credential exposures, potentially exposing enterprise CI/CD pipelines to unauthorized access and code execution. While fixes are available for two critical […] The post Multiple Jenkins Vulnerability SAML Authentication Bypass And MCP Server Plugin Permissions appeared first on Cyber Security News.
-
The cybersecurity landscape continues to shift toward cloud-based attacks, with threat actors increasingly exploiting legitimate security tools for malicious reconnaissance. AzureHound, a penetration testing utility designed for authorized security pro…
-
A Brazilian cybercriminal group has refined its long-running malware distribution campaign by incorporating innovative social engineering techniques and multi-stage infection chains to deliver the Lampion banking trojan. The campaign, which has operate…
-
Security researcher Jofpin has disclosed “Brash,” a critical flaw in Google’s Blink rendering engine that enables attackers to crash Chromium-based browsers almost instantly. Affecting billions of users worldwide, this architectural weakness exploits unchecked updates to the document.title API, overwhelming the browser’s main thread and triggering system-wide denial of service without sophisticated tools or privileges. The […] The post Critical Vulnerability in Chromium’s Blink Let Attackers Crash Chromium-based Browsers Within Seconds appeared first on Cyber Security News.
-
Security researchers have discovered a critical architectural flaw in the Blink rendering engine that powers Chromium-based browsers, exposing over 3 billion users to denial-of-service attacks. The vulnerability, called Brash, allows malicious act…
-
Jenkins automation server users face critical security threats following the disclosure of 14 distinct vulnerabilities spanning multiple plugins. The security advisory reveals a widespread pattern of authentication bypass mechanisms, missing permission…
-
Cybersecurity researchers have uncovered a sophisticated Windows malware family dubbed Airstalk, which leverages legitimate mobile device management infrastructure to establish covert command-and-control communications and exfiltrate sensitive browser …
-
A sophisticated cybercrime campaign leveraging Near Field Communication technology has exploded across multiple continents, with researchers at zLabs identifying over 760 malicious Android applications designed to steal banking credentials and facilita…
-
A sophisticated malware campaign targeting developers has been operating since August 2025, deploying 126 malicious npm packages that have collectively accumulated over 86,000 downloads. The attack, now identified as PhantomRaven, has been actively harvesting npm authentication tokens, GitHub credentials, and CI/CD pipeline secrets from developers across the globe while employing advanced detection evasion techniques that […] The post PhantomRaven Attack Involves 126 Malicious npm Packages with Over 86,000 Downloads Hiding Malicious Code appeared first on Cyber Security News.


