The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...

GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious ...

New Checkmarx supply-chain breach affects KICS analysis tool

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...

The Technical SEO Audit Needs A New Layer

Websites need a new audit framework that accounts for AI crawlers, rendering limitations, structured data, and accessibility ...

Some Connecticut Towing Companies Are Ignoring New Law Aimed at Helping Low-Income Residents

A new state law required most involuntary tows from apartments to be triggered by specific complaints. But residents say ...

Tempo® Communications Launches EML250-ID Marker Locator / OmniMarker-ID Markers for Intelligent Buried Asset Management

The EML250-ID and OmniMarker-ID transform underground utility management into a data-driven system that can write, ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
The Hacker News

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

Updated LOTUSLITE targets India banking sector via CHM and DLL side-loading, expanding espionage campaign to South Korea and ...
The Indiana Lawyer

Kyle Montrose and Neda Semsarieh: AI-enabled deal rooms, generative platforms speed due diligence

Today, many VDR providers are incorporating AI into their platforms, significantly expanding their core functionality.
Cybernews

Checkmarx hit again, popular tools spreading credential-stealing malware

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...
Newsworthy.ai

An AI Escaped Its Sandbox, Emailed a Researcher, Then Self-Published Its Own Exploit Online!

VectorCertain LLC today announced new validation results demonstrating that its SecureAgent platform successfully detected ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...