Daily Cyber News

add a heading (15)

VS Code Flaw Lets Attackers Republish Deleted Extensions

Cybersecurity experts have uncovered a loophole in the Visual Studio Code (VS Code) Marketplace that allows attackers to reuse the names of extensions that were previously removed. The discovery was made by ReversingLabs, a software supply chain security company, after identifying a malicious extension named “ahbanC.shiba”. This extension behaved similarly to two earlier extensions – […]

VS Code Flaw Lets Attackers Republish Deleted Extensions Read More »

add a heading (14)

Hidden Flaws in Project Tools and How FluentPro Backup Provides the Fix

Every day, countless businesses and project managers rely on platforms like Trello, Asana, Monday.com, and others to manage tasks and collaborate. But what happens when these trusted tools fail? According to a Statista report, the global average cost of a data breach is around $4.88 million. In 2024, the private data of over 15 million

Hidden Flaws in Project Tools and How FluentPro Backup Provides the Fix Read More »

add a heading (12)

NX Build Tool Hacked to Steal Wallets and Secrets

A new supply-chain attack has compromised the widely used NX build tool, impacting more than 1,400 developers. Security researchers discovered that a malicious post-install script was added, which silently created a GitHub repository named s1ngularity-repository in affected users’ accounts. Inside this repository, attackers stored a base64-encoded dump containing highly sensitive information, including wallet files, API

NX Build Tool Hacked to Steal Wallets and Secrets Read More »

add a heading (13)

CISA Guide to Hunt and Defend Against Chinese Hackers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the NSA, FBI, and several international partners, has released a major cybersecurity advisory exposing a global espionage campaign conducted by state-sponsored hackers from the People’s Republic of China (PRC). These operations are targeting critical infrastructure networks around the world. The 37-page document, “Countering Chinese

CISA Guide to Hunt and Defend Against Chinese Hackers Read More »

add a heading (11)

Kea DHCP Vulnerability Enables Remote Crash Attack

A newly revealed security flaw in the ISC Kea DHCP server has raised serious concerns for organizations worldwide. Tracked as CVE-2025-40779, this vulnerability allows remote attackers to crash DHCPv4 services using a single specially crafted unicast packet, leading to potential large-scale network disruptions. Key Points Technical Details The flaw arises from an assertion failure in

Kea DHCP Vulnerability Enables Remote Crash Attack Read More »

add a heading (10)

CISA Issues Warning on Citrix NetScaler Zero-Day RCE Exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an urgent advisory about a newly discovered zero-day flaw in Citrix NetScaler appliances. The issue, tracked as CVE-2025-7775, is a memory overflow vulnerability that enables remote code execution (RCE). Reports confirm that threat actors are already exploiting this weakness, which led to its immediate addition

CISA Issues Warning on Citrix NetScaler Zero-Day RCE Exploit Read More »

add a heading (9)

New Malware Exploits TASPEN to Target Indonesian Senior Citizens

A new and highly coordinated malware campaign has surfaced in Indonesia, specifically preying on senior citizens who depend on the nation’s official pension system. The attackers are exploiting the credibility of PT Dana Tabungan dan Asuransi Pegawai Negeri (TASPEN), the state-owned pension fund that manages more than $15.9 billion in assets for millions of retired

New Malware Exploits TASPEN to Target Indonesian Senior Citizens Read More »

add a heading (8)

Underground Ransomware Gang Reveals New Global Attack Tactics

Over the past year, the Underground ransomware group has risen as a major threat to organizations worldwide, spanning multiple industries and countries. Initially spotted in July 2023, the gang reappeared in May 2024 with a Dedicated Leak Site (DLS), signaling a shift toward more advanced and strategic operations. Their attacks now reach from the United

Underground Ransomware Gang Reveals New Global Attack Tactics Read More »

add a heading (7)

Malicious Nx Packages in ‘s1ngularity’ Attack Leak 2,349 GitHub, Cloud, and AI Credentials

The maintainers of the Nx build system have warned users about a supply chain attack that allowed cybercriminals to release malicious versions of the popular npm package along with supporting plugins, designed to steal sensitive information. According to the advisory published on Wednesday, “Malicious versions of the Nx package, and certain auxiliary plugins, were uploaded

Malicious Nx Packages in ‘s1ngularity’ Attack Leak 2,349 GitHub, Cloud, and AI Credentials Read More »

5g (14)

BruteForceAI Tool Automates Login Page Detection and Smart Brute-Force Attacks

BruteForceAI, created by security researcher Mor David, is a modern penetration testing tool that combines large language models (LLMs) with browser automation to automatically detect login forms and perform advanced brute-force testing. By merging AI-powered form analysis, evasion strategies, and detailed logging, this framework makes credential-testing faster and more efficient, helping security professionals quickly uncover

BruteForceAI Tool Automates Login Page Detection and Smart Brute-Force Attacks Read More »