VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request.
The post VS Code Configs Expose GitHub Codespaces to Attacks appeared first on SecurityWeek.
Nullify Secures $12.5 Million in Seed Funding for Cybersecurity AI Workforce
This latest infusion, led by SYN Ventures, brings the company’s total funding to $16.9 million.
The post Nullify Secures $12.5 Million in Seed Funding for Cybersecurity AI Workforce appeared first on SecurityWeek.
ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories
This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next.
Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That’s the point. Entry is becoming less
Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That’s the point. Entry is becoming less
Newsletter platform Substack notifies users of data breach
Newsletter platform Substack is notifying users of a data breach after attackers stole their email addresses and phone numbers in October 2025. […]
Italy Averted Russian-Linked Cyberattacks Targeting Winter Olympics Websites, Foreign Minister Says
Italy has foiled a series of cyberattacks targeting some of its foreign ministry offices, including one in Washington.
The post Italy Averted Russian-Linked Cyberattacks Targeting Winter Olympics Websites, Foreign Minister Says appeared first on SecurityWeek.
SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown
The malware is known for dropping ransomware and other payloads, and for abusing infected machines to proxy traffic.
The post SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown appeared first on SecurityWeek.
CISA Orders Federal Agencies to Strengthen Edge Device Security Amid Rising Cyber Threats
The Buyer’s Guide to AI Usage Control
Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms, browsers, copilots, extensions, and a rapidly expanding universe of shadow tools that appear faster than security teams can track. Yet most organizations still rely on legacy controls that operate far away from where AI interactions actually occur. The result is a widening
Critical N8n Sandbox Escape Could Lead to Server Compromise
A critical sandbox escape vulnerability in the n8n AI workflow automation platform could allow attackers to execute arbitrary commands on the server, Pillar Security reports. Tracked as CVE-2026-25049 (CVSS score of 9.4), the issue impacts the manner in which the n8n sandbox’s sanitization routine evaluates JavaScript expressions. Pillar discovered that the sandbox’s sanitizer could be […]
The post Critical N8n Sandbox Escape Could Lead to Server Compromise appeared first on SecurityWeek.
Data breach at fintech firm Betterment exposes 1.4 million accounts
Hackers stole email addresses and other personal information from 1.4 million accounts after breaching the systems of automated investment platform Betterment in January. […]