Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code
î „Ravie Lakshmananî ‚Jan 26, 2026AI Security / Vulnerability Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS…
The Tea App Is Back With a New Website
The embattled Tea app is back. Months after being removed from Apple’s App Store in light of major…
Kaiser Permanente to pay $46 million in privacy data breach settlement. Here’s how to file a claim.
Kaiser Permanente has reached a lawsuit settlement over alleged patient data breaches involving Kaiser websites and mobile applications,…
Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances
î ‚Dec 23, 2025î „Ravie LakshmananVulnerability / Workflow Automation A critical security vulnerability has been disclosed in the n8n workflow…
WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability
î ‚Dec 19, 2025î „Ravie LakshmananVulnerability / Network Security WatchGuard has released fixes to address a critical security flaw in…
Tech provider for NHS England confirms data breach
DXS International, a U.K.-based company that provides healthcare tech for England’s National Health Service (NHS), disclosed a cyberattack…
Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats
A Google Chrome extension with a “Featured” badge and six million users has been observed silently gathering every…
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
î ‚Dec 13, 2025î „Ravie LakshmananZero-Day / Vulnerability Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS,…
Kaiser Permanente to Pay $46M for Patient Data Breach
The health system is settling a class action lawsuit after finding that data-tracking technology used on its websites…
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
î ‚Dec 05, 2025î „Ravie LakshmananVulnerability / Software Security Two hacking groups with ties to China have been observed weaponizing…
Ransomware’s Fragmentation Reaches a Breaking Point While LockBit Returns
Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem…
Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive…