Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.
The Hacker News

Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations

Experts exploited an XSS flaw in StealC’s admin panel, exposing operator sessions, system details & stolen cookies without ...
Krebs on Security

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...
Dark Reading

DPRK Actors Deploy VS Code Tunnels for Remote Hacking

A spear-phishing campaign tied to the Democratic People's Republic of Korea (DPRK) uses trusted Microsoft infrastructure to ...
SecurityWeek

Vibe Coding Tested: AI Agents Nail SQLi but Fail Miserably on Security Controls

Tenzai’s tests suggest that current vibe coding does not provide perfect coding. In particular, it requires very detailed and ...
Bleeping Computer

WinRAR flaw bypasses Windows Mark of the Web security alerts

A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. The security issue is ...
Lubbock Avalanche-Journal

City of Lubbock restores websites after finding 'potentially malicious code' on computer

The City of Lubbock announced that it has fully restored its websites a week after it took those sites offline due to a "potential security concern." On Tuesday, the City of Lubbock said that on Aug.
Computer Weekly

Cyber body ISC2 signs on as UK software security ambassador

Professional cyber association ISC2 pledges support to UK government's Software Security Ambassador scheme, part of the recently unveiled Cyber Action Plan.