Cybersecurity

6952 readers
69 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago
MODERATORS
kid@sh.itjust.works
Lanky_Pomegranate530@midwest.social
listing: all - local
1
7
Ransomware Attacks Hit All-Time High as Payoffs Dwindle (www.infosecurity-magazine.com)
submitted 14 hours ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
2
9
WhatsApp flaw can let attackers run malicious code on Windows PCs (www.bleepingcomputer.com)
submitted 23 hours ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
3
9
Hackers lurked in Treasury OCC’s systems since June 2023 breach (www.bleepingcomputer.com)
submitted 23 hours ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
4
6
300K vehicles and millions of trips exposed in fleet manager’s data leak (cybernews.com)
submitted 23 hours ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
5
6
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw (thehackernews.com)
submitted 23 hours ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
6
3
Microsoft April 2025 Patch Tuesday - SANS Internet Storm Center (isc.sans.edu)
submitted 23 hours ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
 
 

This month, Microsoft has released patches addressing a total of 125 vulnerabilities. Among these, 11 are classified as critical, highlighting the potential for significant impact if exploited. Notably, one vulnerability is currently being exploited in the wild, underscoring the importance of timely updates. While no vulnerabilities were disclosed prior to this patch release, the comprehensive updates aim to fortify systems against a range of threats, including remote code execution and privilege escalation. Users are encouraged to apply these patches promptly to enhance their security posture.

7
3
CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats (therecord.media)
submitted 23 hours ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
8
11
Pharmacist accused of spying on women using work, home cams (go.theregister.com)
submitted 1 day ago by PhilipTheBucket@ponder.cat to c/cybersecurity@sh.itjust.works
2 comments fedilink
9
2
Fastly DDoS Attack Insights helps reveal and explain the unfolding of a DDoS attack - Help Net Security (www.helpnetsecurity.com)
submitted 23 hours ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
10
2
New Mirai botnet behind surge in TVT DVR exploitation (www.bleepingcomputer.com)
submitted 23 hours ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
11
97
Oracle tells customers its public cloud was compromised (go.theregister.com)
submitted 2 days ago by PhilipTheBucket@ponder.cat to c/cybersecurity@sh.itjust.works
3 comments fedilink
12
19
Google fixes Android zero-days exploited in attacks, 60 other flaws (www.bleepingcomputer.com)
submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
1 comments fedilink
13
16
Food giant WK Kellogg discloses data breach linked to Clop ransomware (www.bleepingcomputer.com)
submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
14
34
CISA braces for more cuts, threat-intel efforts are doomed (go.theregister.com)
submitted 2 days ago by PhilipTheBucket@ponder.cat to c/cybersecurity@sh.itjust.works
0 comments fedilink
15
11
Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms (securityaffairs.com)
submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
16
6
ToddyCat APT Targets ESET Bug to Load Silent Malware (www.darkreading.com)
submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
17
6
Everest ransomware's dark web leak site defaced, now offline (www.bleepingcomputer.com)
submitted 1 day ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
18
12
Malicious VSCode extensions infect Windows with cryptominers (www.bleepingcomputer.com)
submitted 2 days ago* (last edited 18 hours ago) by drspod@lemmy.ml to c/cybersecurity@sh.itjust.works
2 comments fedilink
 
 

Edit 2025-04-09 16:42Z - article was updated with a tenth package (Prettier - Code)

A set of ten VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer for Monero.

ExtensionTotal researcher Yuval Ronen has uncovered ten VSCode extensions published on Microsoft's portal on April 4, 2025.

The package names are:

  1. Prettier - Code for VSCode (by prettier) - 486K installs
  2. Discord Rich Presence for VS Code (by Mark H) - 189K installs
  3. Rojo – Roblox Studio Sync (by evaera) - 117K installs
  4. Solidity Compiler (by VSCode Developer) - 1.3K installs
  5. Claude AI (by Mark H)
  6. Golang Compiler (by Mark H)
  7. ChatGPT Agent for VSCode (by Mark H)
  8. HTML Obfuscator (by Mark H)
  9. Python Obfuscator for VSCode (by Mark H)
  10. Rust Compiler for VSCode (by Mark H)
19
28
WinRAR security flaw ignores Windows Mark of the Web security warnings (www.tomshardware.com)
submitted 3 days ago by Alphane_Moon@lemmy.world to c/cybersecurity@sh.itjust.works
19 comments fedilink
20
9
How curl developers write safe(r) code in C (www.youtube.com)
submitted 2 days ago by boredsquirrel@slrpnk.net to c/cybersecurity@sh.itjust.works
0 comments fedilink
 
 

Blog Post

The video is a commentary with examples

21
10
E-ZPass toll payment texts return in massive phishing wave (www.bleepingcomputer.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
2 comments fedilink
22
10
Python JSON Logger Vulnerability Enables Remote Code Execution - PoC Released (gbhackers.com)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
0 comments fedilink
23
8
New Evasive Campaign Uses Fake CAPTCHAs to Deliver LegionLoader (securityonline.info)
submitted 2 days ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works
1 comments fedilink
24
5
How ToddyCat tried to hide behind AV software. (securelist.com)
submitted 2 days ago by Tea@programming.dev to c/cybersecurity@sh.itjust.works
0 comments fedilink
25
29
Cyberattacks by AI agents are coming (www.technologyreview.com)
submitted 4 days ago by neme@lemm.ee to c/cybersecurity@sh.itjust.works
8 comments fedilink
view more: next ›