The Hacker News

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

Storm-0249 now employs ClickFix, fileless PowerShell, and DLL sideloading to gain stealthy access that enables ransomware ...
CNET

Is That Link Legit? How to Spot and Avoid Scams in Your Inbox

"Smartphones do their best to block scam links, so attackers use tricks to make their links clickable," said Joshua McKenty, CEO of Polyguard.ai, a cybersecurity company that helps businesses protect ...

Shadow spreadsheets: The security gap your tools can’t see

When official systems can't support everyday workflows, employees turn to spreadsheets — creating "shadow spreadsheets" that ...
The Hacker News

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Researchers found malicious VS Code extensions and Go, npm, and Rust packages stealing developer data via hidden payloads and exfiltration.

New ConsentFix attack hijacks Microsoft accounts via Azure CLI

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) ...
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors are still abusing Visual Studio Code extensions as an entry point, with the latest fake Prettier incident ...