Open VSX Access Tokens Leaked, Allowing Malicious Extensions in Supply Chain Threat
November 2, 2025
A credential leak in the Open VSX registry allowed attackers to publish malicious VS Code extensions, exposing a major supply
Application Security
Open VSX Access Tokens Leaked, Allowing Malicious Extensions in Supply Chain Threat
A credential leak in the Open VSX registry allowed attackers to publish malicious VS Code extensions, exposing a major supply chain risk. Swift token revocation ...
Bronze Butler Exploited Zero-Day in Motex Lanscope to Deploy Gokcpdoor Malware
China-linked APT group Bronze Butler exploited a zero-day flaw in Motex Lanscope Endpoint Manager to deploy an upgraded Gokcpdoor malware variant in targeted Japanese organizations. ...
Google’s AI-Powered Search Signals the Return of Ads: What it Means for Security and Strategy
Google is integrating advertising into its AI-powered Search Generative Experience (SGE), embedding sponsored results directly within AI summaries and answer boxes. The move redefines ad ...
CISA and NSA Issue Joint Guidance to Secure Microsoft Exchange Servers
CISA and NSA have issued new guidance to secure Microsoft Exchange servers, urging organizations to minimize exposure, disable legacy protocols, and adopt Zero Trust to ...
WhatsApp Enhances Security With Passkey-Enforced Encrypted Chat Backups
WhatsApp is rolling out passkey-encrypted backups for Android and iOS, securing chat history in the cloud with biometric or screen-lock authentication to enhance end-to-end encryption.
Critical “Brash” Vulnerability in Chromium’s Blink Engine Can Instantly Crash Browsers
A flaw in Chromium’s Blink engine, dubbed “Brash,” lets attackers crash browsers like Chrome and Edge with a single malicious URL, exposing a major denial-of-service ...
OpenAI Upgrades GPT-5 to Better Handle Conversations Involving Emotional Distress
OpenAI’s October GPT-4 update improves how the model handles emotionally charged conversations. The upgrade enhances safety, empathy, and redirection for users expressing distress while reducing ...
Surge in NFC Relay Malware Hits Android Users Across Eastern Europe
Over 760 malicious Android apps are exploiting NFC tap-to-pay features to steal payment credentials in real time. The surge in NFC relay malware highlights rising ...
Conduent Discloses Data Breach Impacting 10.5 Million Individuals
A data breach at Conduent has exposed personal and medical information of over 10.5 million people through the MOVEit vulnerability, underscoring the massive risks of ...
WordPress Security Plugin Vulnerability Exposes Private Server Files to Site Subscribers
A flaw in the Anti-Malware Security and Brute-Force Firewall plugin let WordPress subscribers access private server files, prompting urgent updates to prevent data exposure.
Bronze Butler Exploited Zero-Day in Motex Lanscope to Deploy Gokcpdoor Malware
November 2, 2025
China-linked APT group Bronze Butler exploited a zero-day flaw in Motex Lanscope Endpoint Manager to deploy an upgraded Gokcpdoor malware
Google’s AI-Powered Search Signals the Return of Ads: What it Means for Security and Strategy
November 2, 2025
Google is integrating advertising into its AI-powered Search Generative Experience (SGE), embedding sponsored results directly within AI summaries and answer
CISA and NSA Issue Joint Guidance to Secure Microsoft Exchange Servers
October 31, 2025
CISA and NSA have issued new guidance to secure Microsoft Exchange servers, urging organizations to minimize exposure, disable legacy protocols,
WhatsApp Enhances Security With Passkey-Enforced Encrypted Chat Backups
October 31, 2025
WhatsApp is rolling out passkey-encrypted backups for Android and iOS, securing chat history in the cloud with biometric or screen-lock
Critical “Brash” Vulnerability in Chromium’s Blink Engine Can Instantly Crash Browsers
October 30, 2025
A flaw in Chromium’s Blink engine, dubbed “Brash,” lets attackers crash browsers like Chrome and Edge with a single malicious
OpenAI Upgrades GPT-5 to Better Handle Conversations Involving Emotional Distress
October 30, 2025
OpenAI’s October GPT-4 update improves how the model handles emotionally charged conversations. The upgrade enhances safety, empathy, and redirection for
Surge in NFC Relay Malware Hits Android Users Across Eastern Europe
October 30, 2025
Over 760 malicious Android apps are exploiting NFC tap-to-pay features to steal payment credentials in real time. The surge in
Conduent Discloses Data Breach Impacting 10.5 Million Individuals
October 30, 2025
A data breach at Conduent has exposed personal and medical information of over 10.5 million people through the MOVEit vulnerability,
WordPress Security Plugin Vulnerability Exposes Private Server Files to Site Subscribers
October 30, 2025
A flaw in the Anti-Malware Security and Brute-Force Firewall plugin let WordPress subscribers access private server files, prompting urgent updates
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.