GlassWorm Malware Targets VS Code and OpenVSX Registries
The discovery of GlassWorm malware marks one of the most alarming supply chain attacks targeting developers this year. The self-spreading threat infiltrated Visual Studio Code and OpenVSX registries, distributing malicious extensions that automatically infected thousands of systems. The campaign exposed how trusted open-source ecosystems can become vectors for widespread compromise. How the GlassWorm Malware Works GlassWorm malware operates with alarming
Sotheby’s Data Breach Exposes Employee Financial Information
Sotheby’s data breach has sparked alarm across the luxury art world. The prestigious auction house confirmed that an unknown attacker accessed internal systems, exposing sensitive financial and personal information belonging to employees. The incident occurred in late July 2025. It was discovered after suspicious activity was detected within Sotheby’s network. The company quickly launched an investigation and involved external cybersecurity
SonicWall VPN Breach Hits Over 100 Accounts in Cyberattacks
The SonicWall VPN breach has triggered urgent warnings for organizations worldwide. Security analysts report that attackers accessed more than 100 SonicWall SSL VPN accounts using stolen credentials. The coordinated campaign, active since early October, has already affected multiple corporate environments across several countries. Investigators confirm that the intrusions relied on valid login information rather than brute-force methods. Once inside, attackers
Crimson Collective Launches Advanced AWS Attacks for Data Theft
The Crimson Collective hacker group has launched a new wave of cyberattacks aimed at Amazon Web Services (AWS) cloud environments. Their operations focus on stealing sensitive data from misconfigured instances, exposing how vulnerable cloud infrastructures can become when security practices are neglected. How the Group Infiltrates AWS Environments Researchers report that Crimson Collective exploits exposed AWS access credentials often found
DraftKings Account Breaches After Credential Stuffing
DraftKings account breaches in September 2025 highlight how password reuse still drives online account takeovers. The U.S. sports-betting giant confirmed that attackers used stolen logins from other sites to access a small number of customer accounts. Although no internal systems were compromised, the event renewed attention on multi-factor authentication and credential hygiene. Attack Overview On September 2, 2025, DraftKings’ security
Discord Data Breach Exposes Support Chats and User IDs
The Discord data breach has sparked concern after hackers accessed a third-party support vendor’s systems, stealing user information, support messages, and government ID images. While Discord’s core infrastructure remains secure, the incident highlights serious risks tied to external service providers managing user data. How the Breach Happened Discord confirmed that attackers compromised a third-party customer service platform used to manage
Klopatra Android Trojan Uses Hidden VNC to Hijack Phones
Security researchers warn that the Klopatra Android trojan is reshaping the mobile threat landscape. Unlike ordinary malware that steals data in the background, Klopatra gives attackers live visibility and full control of compromised phones. Hidden VNC sessions allow them to see the victim’s screen, simulate taps, and even transfer funds without detection. The malware is delivered through a fake IPTV+VPN
WestJet Data Breach Exposed Customer Passports
The WestJet data breach has placed thousands of travelers at risk after cybercriminals accessed sensitive passenger records. The Canadian airline confirmed that passport numbers and travel documents were among the exposed data. The breach has raised concerns about identity theft and placed renewed pressure on the aviation industry to strengthen its cybersecurity defenses. What Happened WestJet disclosed that an unauthorized
Fake Microsoft Teams Installers Push Oyster Malware in Malvertising Attack
Fake Microsoft Teams installers push Oyster malware through a new malvertising campaign. Cybercriminals exploit paid ads to trick people into downloading malware instead of legitimate software. By imitating Microsoft’s trusted collaboration platform, attackers increase the chances of success. This campaign is especially concerning because Microsoft Teams is a core tool for remote work and daily business communication. Employees often search
Rust Packages Malware Steals Crypto Wallet Keys
Rust packages malware has been discovered on Crates.io, the official Rust package registry. Security researchers flagged the packages for containing hidden code that stole cryptocurrency wallet keys. The incident adds to a growing wave of supply chain attacks targeting open-source developers and highlights the risks of blindly trusting dependencies. Malicious Crates on Crates.io Two malicious crates were uploaded to Crates.io,
