Microsoft has removed two popular VSCode extensions, ‘Material Theme – Free’ and ‘Material Theme Icons – Free,’ from the Visual Studio Marketplace for allegedly containing malicious code. […]
Now Live: Ransomware Resilience & Recovery Summit – Join the Virtual Event In-Progress
SecurityWeek’s 2025 Ransomware Resilience & Recovery Summit takes place today, February 26th, as a fully immersive virtual event.
The post Now Live: Ransomware Resilience & Recovery Summit – Join the Virtual Event In-Progress appeared first on SecurityWeek.
Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites
A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale.
Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over 350 websites,
Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over 350 websites,
PyPi package with 100K installs pirated music from Deezer for years
A malicious PyPi package named ‘automslc’ has been downloaded over 100,000 times from the Python Package Index since 2019, abusing hard-coded credentials to pirate music from the Deezer streaming service. […]
Lazarus hacked Bybit via breached Safe{Wallet} developer machine
Forensic investigators have found that North Korean Lazarus hackers stole $1.5 billion from Bybit after hacking a developer’s device at the multisig wallet platform Safe{Wallet}. […]
Pump.fun X account hacked to promote scam governance token
The immensely popular memecoin generator Pump.fun had its X account hacked to promote a fake “PUMP” token cryptocurrency scam. […]
New Anubis Ransomware Could Pose Major Threat to Organizations
Threat Intelligence firm Kela warns of a new ransomware group called Anubis operating as a RaaS service with an extensive array of options for affiliates.
The post New Anubis Ransomware Could Pose Major Threat to Organizations appeared first on SecurityWeek.
EncryptHub breaches 618 orgs to deploy infostealers, ransomware
A threat actor tracked as ‘EncryptHub,’ aka Larva-208, has been targeting organizations worldwide with spear-phishing and social engineering attacks to gain access to corporate networks. […]
Five best practices for securing Active Directory service accounts
Windows Active Directory (AD) service accounts are prime cyber-attack targets due to their elevated privileges and automated/continuous access to important systems. Learn from Specops Software about five best practices to help secure your Active Directory service accounts. […]
Leaked Black Basta Chat Logs Reveal $107M Ransom Earnings and Internal Power Struggles
More than a year’s worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members.
The Russian-language chats on the Matrix messaging platform between September 18, 2023, and September 28, 2024, were initially leaked on February 11, 2025, by an
The Russian-language chats on the Matrix messaging platform between September 18, 2023, and September 28, 2024, were initially leaked on February 11, 2025, by an