Author: Staff Writer


John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Top Highlights
A security flaw in Microsoft’s VS Code Remote-SSH extension allows attackers to execute malicious code on users’ local machines through compromised remote servers.
The vulnerability exploits trusted communication channels via built-in commands that open local terminals and send arbitrary code, effectively turning the development environment into an attack vector.
Once a server is compromised, attackers can pivot to local machines by automating terminal commands, bypassing remote environment isolation assumptions.
Mitigation includes user approval prompts for remote commands, monitoring suspicious activity, and advocating for secure default designs in development tools to prevent such supply chain attacks.
Key Challenge A…

Top Highlights
Europol confirms that the reported reward of up to $50,000 for information on two Qilin ransomware group members is a scam, and the message originated from a fraudulent Telegram channel.
The so-called reward claim falsely attributes the message to Europol, which has official accounts on multiple social media platforms but does not operate a Telegram channel.
Qilin, also known as Agenda, is a prolific ransomware group active since 2022, having targeted over 400 victims, including Lee Enterprises and pharma company Inotiv.
Fake claims and false announcements are common tactics among cybercriminal groups to damage rivals’ reputations, steal affiliates,…

Summary Points
Threat Identification: The Russian state-sponsored group Static Tundra is exploiting a critical seven-year-old vulnerability (CVE-2018-0171) in Cisco IOS, targeting sectors of strategic interest, particularly in the context of the Russo-Ukrainian war.
Attack Vector: Attackers are utilizing the vulnerability to gain unauthorized access, modifying configurations and collecting sensitive network data, including device configuration and traffic.
Long-term Strategy: Linked to the FSB, Static Tundra focuses on long-term intelligence operations, emphasizing the importance of unpatched networking devices and evolving tactics to align with Russian governmental objectives.
Mitigation Advice: Cisco urges immediate patching of the CVE-2018-0171 vulnerability or disabling the Smart Install…

Quick Takeaways
Japan saw a 1.4-fold increase in ransomware attacks in early 2025, with 68 incidents compared to 48 in the same period of 2024, predominantly targeting small and medium-sized enterprises.
Manufacturing and automotive sectors are most affected, accounting for the majority of attacks, with consistent monthly incident rates averaging 11.
The Qilin group emerged as the leading threat actor in Japan during the first half of 2025, with eight attacks, after previous groups LockBit and 8base were disrupted by law enforcement.
A new ransomware group, Kawa4096, launched operations in June 2025, deploying advanced, evasion-capable malware KaWaLocker with sophisticated encryption…

Top Highlights
Targeting European Embassies: State-sponsored hackers resembling North Korea’s Kimsuky group have been executing personalized spear-phishing attacks against European embassies in South Korea since March.
High-Level Espionage Tactics: The attacks exhibit a sophisticated understanding of diplomatic practices, utilizing personalized emails with attachments that mimic official communications, making them hard to detect.
Collaboration with China: Evidence suggests the hackers may be operating out of or in cooperation with China, utilizing Chinese work schedules and infrastructure to conduct their espionage while seeking geopolitical cover.
Malicious Payloads and Techniques: Compromise of a target involves downloading scripts for system information theft and connecting to attacker-controlled…

Summary Points
Vulnerability Disclosure: Popular password manager browser plugins, including 1Password and Bitwarden, have been found vulnerable to a new clickjacking attack that could lead to credential theft, 2FA code capture, and credit card information leakage.
DOM Manipulation Technique: The attack, presented by Marek Tóth at DEF CON 33, exploits browser extensions by manipulating UI elements in the DOM, allowing an invisible pop-up to capture user inputs without their knowledge.
Widespread Impact: Eleven widely-used password managers were tested, with most being susceptible to this attack, revealing a significant risk for millions of users due to auto-fill features functioning on any…

Top Highlights
Passwordless Login Revolution: Keeper Security introduces biometric passkey logins for its browser extensions and Keeper Commander CLI, eliminating the need for lengthy passwords and multiple authentication factors.
Secure and Convenient: Biometric passkeys utilize FIDO2/WebAuthn protocols, allowing users to log in with fingerprints, face scans, or PINs, enhancing security while keeping biometric data device-local and private.
Cross-Device Compatibility: Available on various platforms (Windows Hello for Windows 11 and Touch ID for Mac), this update ensures a smooth and consistent login experience across devices and browsers.
Enterprise Adoption and Benefits: 80% of companies are adopting passkeys to combat phishing and…

Essential Insights
Cybercriminals are increasingly exploiting the AI-powered Lovable platform to create fake websites for phishing, malware, and fraud, impersonating major brands with traffic filters like CAPTCHA.
Proofpoint observed tens of thousands of malicious Lovable URLs engaged in campaigns targeting organizations, involving credential harvesting, MFA token theft, payment scams, cryptocurrency theft, and malware delivery.
Despite Lovable’s new real-time detection and daily scans to prevent abuse, malicious sites can still be created and hosted on the platform, indicating existing protections aren’t fully effective.
The ease of creating fraudulent sites on Lovable lowers the barrier to entry for cybercriminals, highlighting the ongoing…

Top Highlights
Key Appointment: Jenna Raby joins Pillar Security as Senior Vice President of Growth to enhance global expansion and meet increasing demand for AI security solutions.
Proven Track Record: Raby previously achieved 5X revenue growth at Zero Networks and led global expansion at RiskIQ, showcasing her expertise in scaling cybersecurity companies.
Strategic Vision: Raby emphasizes the critical need for secure AI solutions, highlighting Pillar’s commitment to innovative, holistic approaches to cybersecurity in the AI era.
Recent Milestones: Pillar Security’s growth is underscored by a recent $9 million funding round and recognition in multiple Gartner research documents related to AI…

Fast Facts
Launch on AWS Marketplace: CeTu’s agentless no-code platform is now available on Amazon Web Services, streamlining procurement and enabling teams to access pre-approved IT budgets.
Cost and Complexity Reduction: CeTu aids enterprises in managing vast amounts of security data, cutting SIEM costs by up to 80% while enhancing visibility, detection, and response capabilities.
Federated Data Management: The platform supports a federated approach to data ingestion, intelligently routing security data to the most effective storage solutions, thereby automating and optimizing processes.
User-Friendly Implementation: CeTu is designed for easy use by everyday engineers, allowing rapid deployment with minimal coding expertise,…
