-
A sophisticated threat actor known as TigerJack has systematically infiltrated developer marketplaces with at least 11 malicious Visual Studio Code extensions, targeting thousands of unsuspecting developers worldwide. Operating under multiple publisher identities including ab-498, 498, and 498-00, this cybercriminal has deployed a comprehensive attack arsenal designed to steal source code, mine cryptocurrency, and establish remote […] The post TigerJack Hacks Infiltrated Developer Marketplaces with 11 Malicious VS Code Extensions appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The emergence of a sophisticated malware campaign leveraging geo-mapping technology has put critical infrastructure and enterprise networks on high alert. First observed targeting sectors across Asia and North America, the malware was traced to a group of Chinese threat actors employing advanced stealth tactics to sustain prolonged network penetration. Attackers harnessed a unique blend of […] The post Chinese Hackers Leverage Geo-Mapping Tool to Maintain Year-Long Persistence appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated campaign orchestrated by multiple hacktivist groups has emerged, targeting government portals, financial services, and online commerce platforms across Israel and allied nations. The coordinated cyber offensive, timed around the October 7 anniversary, demonstrated unprecedented levels of organization and cross-ideological cooperation among geographically dispersed threat actors. The campaign peaked on October 7, 2025, with […] The post Pro-Russian Hacktivist Group Attacking Government Portals, Financial Services and Online Commerce appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A serious security flaw has been discovered in Microsoft’s Internet Information Services (IIS) that lets attackers run arbitrary code without logging in. The vulnerability affects the IIS Inbox COM Objects and stems from improper handling of shared mem…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Veeam has released an urgent security patch to address multiple critical remote code execution (RCE) vulnerabilities in Veeam Backup & Replication version 12. These flaws could allow authenticated domain users to run malicious code on backup server…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity threats are rapidly evolving; even advanced operating systems like Windows 11 and Windows Server 2025 can have vulnerabilities due to legacy configurations. Horizon Secure highlighted a concerning feature: WDigest authentication, which can be enabled to cache plaintext passwords in memory, potentially exposing users to credential theft. Disabled by default since Windows 10 version 1703, […] The post Windows 11 And Server 2025 Will Start Caching Plaintext Credentials By Enabling WDigest Authentication appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has released a critical security update for Chrome browser users after discovering a dangerous use-after-free vulnerability that could allow cybercriminals to execute malicious code on victims’ computers. The flaw, tracked as CVE-2025-1175…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Fortinet has disclosed a critical security vulnerability affecting FortiPAM and FortiSwitchManager products that could enable attackers to bypass authentication mechanisms through brute-force attacks. The vulnerability, tracked as CVE-2025-49201, was i…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed two critical zero-day vulnerabilities in the Agere Modem driver bundled with Windows operating systems, confirming active exploitation to escalate privileges. The flaws, tracked as CVE-2025-24990 and CVE-2025-24052, affect the ltmdm64.sys driver and could allow low-privileged attackers to gain full administrator access. These issues were patched in the October 2025 cumulative update, but […] The post Windows Agere Modem Driver 0-Day Vulnerabilities Actively Exploited To Escalate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Sophisticated Threat Actor Compromises 17,000+ Developers Through Trojan Extensions That Steal Code and Mine Cryptocurrency. Operating since early 2025 under multiple publisher accounts (ab-498, 498, and 498-00), this sophisticated campaign deploys ext…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
