Blog – Page 279 – Cyber Mike

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers.
The extensions, which have 1.5 million combined installs and are still available for download from the official Visual Studio

Nearly 800,000 Telnet servers exposed to remote attacks

Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server. […]

6 Okta security settings you might have overlooked

Okta misconfigurations can quietly weaken identity security as SaaS environments evolve. Nudge Security shows six Okta security settings teams often overlook and how to fix them. […]

Upwind Raises $250 Million at $1.5 Billion Valuation

The CNAPP company will use the fresh investment to scale its runtime-first cloud security offering across data, AI and code.

The post Upwind Raises $250 Million at $1.5 Billion Valuation appeared first on SecurityWeek.

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

The defense mechanisms that NPM introduced after the ‘Shai-Hulud’ supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies. […]

Crunchbase Confirms Data Breach After Hacking Claims

Crunchbase was targeted alongside SoundCloud and Betterment in a ShinyHunters campaign.

The post Crunchbase Confirms Data Breach After Hacking Claims appeared first on SecurityWeek.

Cyber Insights 2026: Threat Hunting in an Age of Automation and AI

Understanding how threat hunting differs from reactive security provides a deeper understanding of the role, while hinting at how it will evolve in the future.

The post Cyber Insights 2026: Threat Hunting in an Age of Automation and AI appeared first on SecurityWeek.

⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly.
Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point.
What follows is a set of small but telling signals.

CISA says critical VMware RCE flaw now actively exploited

CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to secure their servers within three weeks. […]

‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing

Priced $2,000 – $6,000 on a cybercrime forum, the MaaS toolkit promises publication on the Chrome Web Store.

The post ‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing appeared first on SecurityWeek.

Cyber News