The Hacker News

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

Storm-0249 now employs ClickFix, fileless PowerShell, and DLL sideloading to gain stealthy access that enables ransomware ...
CNET

Is That Link Legit? How to Spot and Avoid Scams in Your Inbox

"Smartphones do their best to block scam links, so attackers use tricks to make their links clickable," said Joshua McKenty, CEO of Polyguard.ai, a cybersecurity company that helps businesses protect ...

Shadow spreadsheets: The security gap your tools can’t see

When official systems can't support everyday workflows, employees turn to spreadsheets — creating "shadow spreadsheets" that ...

Malicious VSCode extensions on Microsoft's registry drop infostealers

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing ...
The Hacker News

Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

CISA warns WinRAR CVE-2025-6218 is under active attack by multiple threat groups, requiring federal fixes by Dec. 30, 2025.
Infosecurity Magazine

Malicious VS Code Extensions Deploy Advanced Infostealer

Two malicious Visual Studio Code extensions, Bitcoin Black and Codo AI, have been observed harvesting sensitive user data ...
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors are still abusing Visual Studio Code extensions as an entry point, with the latest fake Prettier incident ...