Malicious VS Code Extension Targets Developers with Credential Theft

A compromised Nx Console extension silently harvested developer credentials from password managers, cloud services, and code repositories through a multi stage attack on VS Code users.

The Latest

Breaking News and Alerts

Palo Alto Networks Patches Actively Exploited PAN OS Flaw

Palo Alto Networks addresses a critical buffer overflow in PAN OS that attackers have exploited since last month to deploy remote access tools.

Spotlight

Cybersecurity Profiles and Stories

Exploit Code Released for New Linux Kernel Privilege Escalation Flaw

Proof of concept exploit code has been released for a Linux kernel vulnerability that bypasses copy on write protections to allow local privilege escalation on distributions with CONFIG_RXGK enabled.

Microsoft Edge Halts Preloading of Stored Credentials at Startup

Microsoft Edge will no longer load saved passwords into process memory at startup, a proactive security improvement under the company's Secure Future Initiative.

Four-Faith Industrial Routers Exploited to Fuel Global Botnet Campaign

Attackers are exploiting a critical authentication bypass flaw in Four-Faith industrial routers to enroll them into botnets for DDoS and proxy attacks.

Compromised CI/CD Tool Steals Pipeline Secrets via Tag Spoofing Attack

Attackers silently redirected all version tags of a popular GitHub Action to malicious code that steals pipeline credentials from runner memory.

Features

Research and Thought Leadership