​Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that’s under development to its users. The extensions, named “ahban.shiba”… Read More »VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware

​A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t… Read More »⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More

​A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries… Read More »Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks

​The supply chain attack involving the GitHub Action “tj-actions/changed-files” started as a highly-targeted attack against one of Coinbase’s open-source projects, before evolving into something more widespread in scope. “The payload… Read More »GitHub Supply Chain Breach: Coinbase Attack Exposes 218 Repositories, Leaks CI/CD Secrets

​The U.S. Treasury Department has announced that it’s removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder… Read More »U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe

​Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. “UAT-5918, a threat actor believed to be… Read More »UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools

​The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed… Read More »Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

​Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal. “Head Mare relied heavily on tools previously… Read More »Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers

​The China-linked advanced persistent threat (APT) group. known as Aquatic Panda has been linked to a “global espionage campaign” that took place in 2022 targeting seven organizations. These entities include… Read More »China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families

​After conducting over 10,000 automated internal network penetration tests last year, vPenTest has uncovered a troubling reality that many businesses still have critical security gaps that attackers can easily exploit.… Read More »10 Critical Network Pentest Findings IT Teams Overlook