A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. [...]
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...]
The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. [...]
GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks. [...]
Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. [...]
The site was running from 2014 and allegedly raked in more than $20m, which the DOJ is seeking to claw back... Categories: Naked Security Tags: bust, doj, Netwalker, Phishing, Ransomware
74 CVEs, and two "Exploitation Detected" advisories, which are nearly but not quite the same as 0-days. Also, two potential Teams treacheries that you really want to fix. Categories: Naked Security Tags: Patch Tuesday, vulnerability, Zero-day
Sentences still to be decided, but she could get up to 10 years and he could get as many as 20. Categories: Naked Security Tags: Bitfinex, BTC, Crocodile, cryptoheist, doj, Lichtenstein, Morgan, Razzlekhan