Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that’s under development to its users. The extensions, named “ahban.shiba” and “ahban.cychelloworld,” have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that’s designed to invoke a
Author Archives: [email protected]
If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don’t prioritize strong password security. However, balancing security and usability doesn’t have to be a zero-sum game. By implementing the right best practices and tools, you can strike a balance between robust password security and a […]
A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. “Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops,” Next.js said in […]
At MWC 2025, Google confirmed it was working on screen and video share capabilities for Gemini Live, codenamed “Project Astra”. At that time, Google promised that the feature would begin rolling out soon, and now some users have spotted it in the wild. […]
23
Mar
Mar
To celebrate its 20th birthday, Google Maps teamed up with one of Asia’s most popular multi-hyphenate artists, Nicholas “Chef Nic” Tse, to curate a list of his favorite …
Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. […]
Cybercriminals are abusing Microsoft’s Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. […]
The FBI is warning that fake online document converters are being used to steal people’s information and, in worst-case scenarios, lead to ransomware attacks. […]
The supply chain attack involving the GitHub Action “tj-actions/changed-files” started as a highly-targeted attack against one of Coinbase’s open-source projects, before evolving into something more widespread in scope. “The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for […]
Cybercriminals are abusing Microsoft’s Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. […]