The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue. GlassWorm was…
Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera
A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persistent infiltration schemes: a network…
Critical PickleScan Vulnerabilities Expose AI Model Supply Chains
3 critical zero-day flaws in PickleScan, affecting Python and PyTorch, allowed undetected attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Critical PickleScan Vulnerabilities Expose AI Model Supply Chains
SmartTube YouTube App for Android TV Compromised Following Exposure of Signing Keys
The Android TV community faces a significant security crisis as SmartTube, a popular third-party YouTube client, has been compromised due to exposed signing keys. Security researchers have identified malicious code embedded within official releases, prompting Google to forcibly disable the…
Kensington and Chelsea confirms IT outage was a data breach after all
Borough says attackers copied ‘historical’ info as three-council cyber woes drag on Kensington and Chelsea Council has admitted that data was quietly lifted from its systems during last week’s cyber meltdown, confirming that the outage was not just an IT…
ShadyPanda’s Seven-Year Campaign Infects 4.3M Chrome and Edge Users
Infected 4.3 million Chrome and Edge users via extensions; ShadyPanda exploited browser marketplaces This article has been indexed from www.infosecurity-magazine.com Read the original article: ShadyPanda’s Seven-Year Campaign Infects 4.3M Chrome and Edge Users
The Great Disconnect: Unmasking the ‘Two Separate Conversations’ in Security
When familiar security concepts carry unfamiliar meanings for different audiences, teams talk past each other without even realizing it. This silent disconnect weakens communication, clarity, and outcomes. The post The Great Disconnect: Unmasking the ‘Two Separate Conversations’ in Security appeared…
X’s New Location Feature Exposes Foreign Manipulation of US Political Accounts
X’s new location feature has revealed that many high-engagement US political accounts, particularly pro-Trump ones, are actually operated from countries outside the United States such as Russia, Iran, and Kenya. This includes accounts that strongly claim to represent American…
More Breaches, More Risks: Experts say Protect Your Data Now
As data breaches surge, experts warn consumers to guard personal information before it reaches the dark web With data breaches becoming almost routine, more consumers are being forced to confront the risks of having their personal information exposed online. …
Forward Edge-AI delivers quantum-safe data diode and earns communications patent
Forward Edge-AI announced two major milestones in advancing quantum-resistant communications: the United States Patent and Trademark Office (USPTO) has issued a Notice of Allowance for its patent application covering attack-resilient, trust-verified communications, and the company has delivered its Isidore Quantum…
Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572)
Google has shipped patches for 51 Android vulnerabilities, including two high-severity flaws (CVE-2025-48633, CVE-2025-48572) that “may be under limited, targeted exploitation”. According to the December Android security bulletin, both vulnerabilities affect the Android Framework, which is a collection of core…
120,000 Cameras Hacked In South Korea
Police announced on Sunday the arrests of four people in South Korea who allegedly breached more than 120,000 video cameras located in private homes The post 120,000 Cameras Hacked In South Korea first appeared on CyberMaterial. This article has been…
French Soccer Federation Suffers Cyberattack
The French soccer federation (FFF) confirmed on Thursday that it had been targeted by a cyber-attack resulting in the theft of data related to its members. The post French Soccer Federation Suffers Cyberattack first appeared on CyberMaterial. This article has…
Police Shut Down Cryptomixer Service
Law enforcement agencies from Switzerland and Germany have executed a significant operation, dubbed “Operation Olympia,” resulting The post Police Shut Down Cryptomixer Service first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read the original article: Police Shut…
North Korea Lazarus Group Hits Crypto
South Korean government officials are actively investigating a sophisticated cyberattack that resulted in the theft of $30 million worth of cryptocurrency The post North Korea Lazarus Group Hits Crypto first appeared on CyberMaterial. This article has been indexed from CyberMaterial…
India Orders Phones To Preinstall App
India’s telecommunications ministry has issued a directive requiring all major mobile device manufacturers to preload a government-backed cybersecurity The post India Orders Phones To Preinstall App first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read the original…
Whispering poetry at AI can make it break its own rules
Malicious prompts rewritten as poems have been found to bypass AI guardrails. Which models resisted and which failed the poetic jailbreak test? This article has been indexed from Malwarebytes Read the original article: Whispering poetry at AI can make it…
New eBPF Filters for Symbiote and BPFdoor Malware
FortiGuard Labs discovered new Symbiote and BPFDoor variants exploiting eBPF filters to enhance stealth through IPv6 support, UDP traffic, and dynamic port hopping for covert C2 communication. This article has been indexed from FortiGuard Labs Threat Research Read the…
FTC schools edtech outfit after intruder walked off with 10M student records
Regulator says Illuminate ignored years of warnings, stored kids’ data in plain text, and kept districts in the dark US edtech provider Illuminate Education just got dinged by the Federal Trade Commission for allegedly failing to keep an attacker from…
Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor called MuddyViper. The activity…
Glassworm Malware Strikes Again In VS Code
The Glassworm campaign is a serious, ongoing malware attack targeting the developer community, specifically through malicious extensions The post Glassworm Malware Strikes Again In VS Code first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read the original…
Smarttube Breach Pushes Malicious Update
The popular open-source SmartTube YouTube client for Android TV experienced a significant security breach when an attacker managed to gain access The post Smarttube Breach Pushes Malicious Update first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read…
Shadypanda Extensions Hit Millions Users
The long-running malicious operation known as “ShadyPanda” has successfully amassed over 4.3 million installations of browser extensions for Chrome and Edge The post Shadypanda Extensions Hit Millions Users first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read…
Phishing 3.0: AI and Deepfake-Driven Social Engineering Attacks
Phishing is no longer an easy-to-detect cyberattack. With the rise of artificial intelligence, attackers now launch AI-driven phishing campaigns to mimic human behavior. They can now generate flawless emails and use deepfake phishing attacks. Email security threats are more prominent…