Oh no! Hackers snuck malware inside uber-popular Windows app Notepad++

The popular free text editor Notepad++ has a serious problem: its updater infects computers with malware. There's a fix ...
WeLiveSecurity

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage ...

Malware bypassed macOS Gatekeeper by abusing Apple's notarization proccess

A new variant of the MacSync Stealer uses a code-signed Swift application to get around Apple's macOS Gatekeeper protections.
Security Boulevard

Beyond Cargo Audit: Securing Your Rust Crates in Container Images

Container image scanning has come a long way over the years, but it still comes with its own set of, often unique, challenges ...
SecurityWeek

Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking

Recent Notepad++ releases address a vulnerability that has allowed threat actors to hijack the free source code editor’s ...
Cryptopolitan on MSN

User assets already stolen as new MacSync variant bypasses macOS security

The MacSync Stealer has transitioned from a ClickFix variant to a more sophisticated code-signed malware capable of bypassing traditional macOS ...
SecurityWeek

JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover

The insecure use of an uninstaller during the removal of JumpCloud Agent on Windows can be exploited to obtain System ...
Infosecurity Magazine

Malware Discovered in 19 Visual Studio Code Extensions

A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in ...
The Hacker News

Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

Researchers uncover malware campaigns using cracked software and compromised YouTube videos to deliver CountLoader, GachiLoader, and info stealers.
The Hacker News

STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware

Sophos reports STAC6565 targeting nearly 40 victims, with 80% of attacks hitting Canadian firms and involving QWCrypt ransomware.
InfoWorld

React2Shell is the Log4j moment for front end development

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...