Skip to content
Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack

Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack

Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks. The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chainRead More »Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack

North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets

North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets

Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job. “Some of these [companies’ are heavily involved in the unmanned aerial vehicle (UAV) sector, suggestingRead More »North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets

ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More

ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More

Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse trusted systems like OAuth and package registries. If your stack or habits make any of those easy, you’re already a target. This week’s ThreatsDay highlights show exactlyRead More »ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More

Vibe Coding’s Real Problem Isn’t Bugs—It’s Judgment

As AI coding tools flood enterprises with functional but flawed software, researchers urge embedding security checks directly into the AI workflow. The post Vibe Coding’s Real Problem Isn’t Bugs—It’s Judgment appeared first on SecurityWeek.

Serious F5 Breach

This is bad: F5, a Seattle-based maker of networking software, disclosed the breach on Wednesday. F5 said a “sophisticated” threat group working for an undisclosed nation-state government had surreptitiously and persistently dwelled in its network over a “long-term.” Security researchers who have responded to similar intrusions in the past tookRead More »Serious F5 Breach

Why Organizations Are Abandoning Static Secrets for Managed Identities

Why Organizations Are Abandoning Static Secrets for Managed Identities

As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link. For decades, organizations have relied on static secrets, such as API keys, passwords, and tokens, as unique identifiers for workloads. While this approach provides clear traceability,Read More »Why Organizations Are Abandoning Static Secrets for Managed Identities

Copyright © 2025 infosecintel.net