brangberg – Page 162

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that’s distributed via malicious Microsoft Visual Studio Code (VS Code) projects.
The use of VS Code “tasks.json” to distribute malware is a relatively new tactic adopted by the threat actor since December 2025, with the attacks

Trivy supply-chain attack spreads to Docker, GitHub repos

The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images and hijacking the company’s GitHub organization to tamper with dozens of repositories. […]

RSAC 2026 Conference Announcements Summary (Pre-Event)

A summary of the announcements made by vendors in the days leading up to the RSAC 2026 Conference.

The post RSAC 2026 Conference Announcements Summary (Pre-Event) appeared first on SecurityWeek.

M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds

The latest M-Trends report is based on insights from over 500,000 hours of Mandiant incident response investigations in 2025.

The post M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds appeared first on SecurityWeek.

Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware

The semiconductor company says hackers deployed file-encrypting ransomware on the network of a subsidiary in Singapore.

The post Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware appeared first on SecurityWeek.

Varonis Atlas: Securing AI and the Data That Powers It

AI agents can access data directly, making data security the foundation of AI security. Learn more about how Varonis Atlas helps orgs see, secure, and control AI systems and the data they can reach. […]

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Hackers published a malicious scanner release and replaced tags to point to information-stealer malware.

The post Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack appeared first on SecurityWeek.

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories.
This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks. There are also new malware tricks

Microsoft Exchange Online service change causes email access issues

Microsoft is working to address an ongoing service issue that has intermittently prevented some users from accessing their cloud-based Exchange Online mailboxes via Outlook mobile and Mac desktop clients since Thursday. […]

We Found Eight Attack Vectors Inside AWS Bedrock. Here’s What Attackers Can Do with Them

AWS Bedrock is Amazon’s platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target.
When an AI agent can query your Salesforce instance, trigger a Lambda function, or pull from a SharePoint

Author: brangberg