July Patch Tuesday offers 127 fixes
The seventh month is always a big one for Microsoft, and this year is no exception
Similar Posts
GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs
Bys sCybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code (VS Code) ecosystem. The extensions in question, which are still available for download, are listed below – ai-driven-dev.ai-driven-dev (3,402 downloads) adhamu.history-in-sublime-merge (4,057
Ninth Circuit Reverses Probation Sentence for Paige Thompson
Bys sConor Brian Fitzpatrick (aka “Pompompurin” of Breached.vc) isn’t the only person to have their sentence vacated and remanded for re-sentencing this year. Paige Thompson, who was responsible for the massive Capital One hack in 2019, will also be re-sentenced. Eugene Volokh writes: A short excerpt from the 9,000-word U.S. v. Thompson, decided yesterday by Ninth Circuit Judge…
New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status
Bys sA new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines. “We discovered that flawed verification checks in Visual Studio Code allow publishers to add functionality
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
Bys sThe North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that’s associated with…
Murdoc Botnet Ensnaring Avtech, Huawei Devices
Bys sThe Mirai-based Murdoc botnet has been actively targeting Avtech and Huawei devices for roughly half a year. The post Murdoc Botnet Ensnaring Avtech, Huawei Devices appeared first on SecurityWeek.
U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
Bys sBrian Krebs reports: The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering.” In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals…