Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors are still abusing Visual Studio Code extensions as an entry point, with the latest fake Prettier incident showing a multi-stage path from marketplace install to credential theft and full ...
Security Boulevard

Surge of OAuth Device Code Phishing Attacks Targets M365 Accounts

Financially motivated and nation-state threat groups are behind a surge in the use of device code phishing attacks that abuse Microsoft's legitimate OAuth 2.0 device authorization grant flow to trick ...
Infosecurity-magazine.com

Threat Actors Use Babuk Code to Build Hypervisor Ransomware

An increasing number of threat actors have been observed using the leaked Babuk code from 2021 to create a new form of ransomware targeting VMware ESXi hypervisor environments. According to an ...
Dark Reading

The Industry Must Better Secure Open Source Code From Threat Actors

Organizations increasingly rely on open source code. Many enjoy the convenience of using open source code to quickly innovate or spin up services without the time-consuming process of developing their ...

State actors are abusing OAuth device codes to get full M365 account access - here's what we know

Cybercriminals, including state-sponsored threat actors, are increasingly abusing Microsoft’s OAuth 2.0 device code ...
CoinTelegraph

Crypto firms cannot naively trust engineers with code, warns Exodus CEO

Crypto firms should never carelessly trust their engineers to upload code without an external review first, says JP Richardson, CEO of the self-custodial crypto platform Exodus. He argued that this is ...