Tag GitHub

October 23, 2025

GlassWorm Malware Targets Developers via OpenVSX Marketplace – Hackread – Your Source for Cybersecurity News, Data Breaches, Tech, AI, Crypto, and More

A recent cyber threat known as GlassWorm has been detected, specifically targeting developers utilizing Visual Studio Code extensions via the OpenVSX marketplace. Koi Security unveiled this campaign, which leverages trusted extensions to automatically propagate across various development environments while employing stolen credentials to facilitate further infections. Distinct from typical malware…

October 17, 2025

Breach Brief: Chinese Hackers Target ArcGIS Vulnerability

Cybercrime, Fraud Management & Cybercrime Internet-Exposed Call Center Software Under Attack; Patch Tuesday Update Anviksha More (AnvikshaMore) • October 16, 2025 Image: Shutterstock/ISMG This week, the Information Security Media Group covers a range of cybersecurity incidents: Chinese hackers exploiting ArcGIS, vulnerabilities in internet-exposed call center software, and the latest Patch…

October 15, 2025

Share Your Secrets Without Revealing Them

The challenge of safeguarding digital secrets in an increasingly interconnected world has become increasingly urgent. GitGuardian’s engineers faced a critical task while developing their HasMySecretLeaked service, designed to assist developers in determining whether confidential information—such as passwords, API keys, and cryptographic certificates—has been inadvertently exposed within public GitHub repositories. The…

October 14, 2025

Satellites Exposing Global Secrets: Intercepted Calls, Texts, and Sensitive Military and Corporate Information

Recent findings indicate that individuals around the globe could replicate a sensitive data collection operation, utilizing readily available satellite hardware. Researchers conducted an experiment employing standard satellite technology: a $185 satellite dish, a $140 roof mount, a $195 motor, and a $230 tuner card, all totaling under $800. This highlights…

October 13, 2025

North Korean Hackers Exploit Windows Update Service to Distribute Malware

The Lazarus Group, a prominent North Korean hacking organization, has recently launched a new campaign employing the Windows Update service to execute its malicious payload. This development reflects an ongoing expansion of the group’s utilization of living-off-the-land (LotL) techniques to achieve its objectives. Known by several aliases, including APT38 and…

October 13, 2025

Exposing Cyber Threats in Healthcare: Separating Fact from Fiction

The cybersecurity landscape is increasingly marked by a staggering disparity in the value of personal information on the dark web. In this context, Electronic Health Records (EHRs) command the highest price, selling for upwards of $1,000 each. This is significantly more than a credit card number, which averages around $5,…

October 9, 2025

GitHub Copilot Chat Vulnerability Exposes Private Code Through Images

Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Research Uncovers Vulnerability Allowing Data Exfiltration via Hidden Images Rashmi Ramesh (rashmiramesh_) • October 9, 2025 Image: PJ McDonnell/Shutterstock A recently resolved vulnerability within GitHub Copilot Chat has been identified, which could have permitted threat actors to extract source code…

October 8, 2025

Ukrainian Cryptojacking Kingpin Arrested at 29 for Exploiting Cloud Services

Ukrainian National Arrested for Sophisticated Cryptojacking Scheme A 29-year-old individual from Ukraine has been apprehended for orchestrating a comprehensive cryptojacking operation, which has reportedly yielded over $2 million (€1.8 million) in illicit earnings. Identified as the key architect behind the scheme, the suspect was arrested in Mykolaiv on January 9…

September 30, 2025

“Override Panda” Hacking Group Emerges Again with New Espionage Operations

In recent weeks, the Chinese state-sponsored hacking group known as Override Panda has made headlines again, launching a sophisticated phishing campaign aimed at acquiring sensitive information. This resurgence focuses on utilizing spear-phishing tactics to compromise targeted entities. According to a report by Cluster25, this threat actor leveraged a spear-phishing email…