Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.
Ars Technica

Poland’s energy grid was targeted by never-before-seen wiper malware

Researchers on Friday said that Poland’s electric grid was targeted by wiper malware, likely unleashed by Russia state hackers in an attempt to disrupt electricity delivery operations. A cyberattack, ...
SiliconANGLE

‘PyStoreRAT’ malware uses fake developer tools on GitHub to infect Windows systems

A new report out today from endpoint security firm Morphisec Inc. details a previously undocumented malware family dubbed “PyStoreRAT” that abuses trusted open-source platforms and Windows scripting ...
AppleInsider

Latest macOS malware uses trusted search & AI to dupe users

A new Atomic macOS Stealer (AMOS) attack vector weaponizes Google searches and a user's trust in AI chatbots, researchers have found. Once infected, the AMOS can collect data, passwords, and more from ...
Infosecurity-magazine.com

Malware Discovered in 19 Visual Studio Code Extensions

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...
CSOonline

Polymorphic AI malware exists — but it’s not what you think

We are either at the dawn of AI-driven malware that rewrites itself on the fly, or we are seeing vendors and threat actors exaggerate its capabilities. Recent Google and MIT Sloan reports reignited ...
Dark Reading

How Malware Authors Are Incorporating LLMs to Evade Detection

Threat actors are testing malware that incorporates large language models (LLMs) to create malware that can evade detection by security tools. In an analysis published earlier this month, Google's ...
Android Authority

New banking malware can stealth-hack your Android phone: Here's how to stay safe (Updated)

A malware, called “Sturnus,” has emerged, and it exploits Android’s accessibility features to spread on your phone even without you noticing. It gains access to your Android after being installed via ...
Kotaku

Microsoft Warns That Windows 11 AI Might Install Malware On Your PC

Microsoft’s push to make Windows 11 a fully AI PC operating system continues, with the company planning to roll out new AI agents that can complete tasks and make changes on your behalf. But the ...
Digital Trends

Google flags an AI-powered malware which rewrites itself in real time

What Happened: So, Google’s top security – Google’s Threat Intelligence Group, or GTIG – just found something that is frankly pretty terrifying. It’s a new type of malware they’re calling PROMPTFLUX.