Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater retrieved malicious executables instead of legitimate update packages. […]
Malicious VSCode Marketplace extensions hid trojan in fake PNG file
A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with malware hidden inside dependency folders. […]
UK fines LastPass over 2022 data breach impacting 1.6 million users
The UK Information Commissioner’s Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach. […]
Microsoft bounty program now includes any flaw impacting its services
Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. […]
Virtual Event Today: Cyber AI & Automation Summit Day 2
Day two of the Cyber AI & Automation Summit kicks off at 11AM ET. If you weren’t able to attend yesterday, all Day One sessions are already available on-demand.
The post Virtual Event Today: Cyber AI & Automation Summit Day 2 appeared first on SecurityWeek.
New ConsentFix attack hijacks Microsoft accounts via Azure CLI
A new variation of the ClickFix attack dubbed ‘ConsentFix’ abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) verifications. […]
AI is accelerating cyberattacks. Is your network prepared?
AI-driven attacks now automate reconnaissance, generate malware variants, and evade detection at a speed that overwhelms traditional defenses. Corelight explains how network detection and response (NDR) provides the visibility and behavioral insights SOC teams need to spot and stop these fast-moving threats. […]
Former Accenture Employee Charged Over Cybersecurity Fraud
Danielle Hillmer allegedly concealed the fact that her employer’s cloud platform did not meet DoD requirements.
The post Former Accenture Employee Charged Over Cybersecurity Fraud appeared first on SecurityWeek.
MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations
Eleven companies took part in the evaluations and several have boasted 100% detection and coverage rates.
The post MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations appeared first on SecurityWeek.
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life is still wide open.
The new Threatsday Bulletin
The new Threatsday Bulletin