Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers. The extensions, which have 1.5 million combined installs and are still available for download from the official Visual Studio
SquareX Labs reveló un nuevo vector de ataque denominado “AI Sidebar Spoofing” o suplantación del panel lateral de IA, que demuestra cómo una extensión de navegador maliciosa (o incluso una página web controlada por un atacante) puede inyectar una interfaz idéntica al panel lateral legítimo de un navegador con IA, y manipular las respuestas que…
De «actualizaciones de mantenimiento» va la cosa en estos primeros días de 2026 y le ha llegado el turno a Deepin 25, que acaba de lanzar una nueva versión menor en términos de numeración, pero relevante por el trabajo de pulido que incorpora. Nada de especial interés para los actuales usuarios de la distribución, pero…
If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total autonomy. Vendors seized on the idea of the «Autonomous SOC» and suggested a future where algorithms replaced analysts. That future has not arrived. We have not seen mass layoffs or empty security operations centers. We…
Beyond the direct impact of cyberattacks, enterprises suffer from a secondary but potentially even more costly risk: operational downtime, any amount of which translates into very real damage. That’s why for CISOs, it’s key to prioritize decisions that reduce dwell time and protect their company from risk. Three strategic steps you can take this year…
IDNs or “International Domain Names” have been with us for a while now (see RFC3490[1]). They are (ab)used in many attack scenarios because.. it works! Who can immediately spot the difference between:
Ejecución de código en remoto en DIAView de Delta Electronics Vie, 23/01/2026 – 09:33 Aviso SCI Recursos Afectados DIAView versiones anteriores a V4.2.0, incluida. Descripción Un investigador anónimo de Trend Zero Day ha informado sobre 1 vulnerabilidad de severidad alta que, en caso de ser exitosamente explotada, podría permitir a un atacante ejecutar código arbitrario. …
If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total autonomy. Vendors seized on the idea of the «Autonomous SOC» and suggested a future where algorithms replaced analysts. That future has not arrived. We have not seen mass layoffs or empty security operations centers. We…
A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. «The attack begins with social engineering lures delivered via business-themed documents crafted to appear routine and benign,» Fortinet FortiGuard Labs researcher Cara Lin said in a technical breakdown published this week. «These documents…