InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a ...

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Gemini panel in Chrome left the doors open for hackers, and you must update ASAP

Researchers discovered a Chrome vulnerability that allowed malicious extensions to hijack the Gemini AI panel and access sensitive system resources. The post Gemini panel in Chrome left the doors open ...
The Hacker News

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.

OpenAI is putting ChatGPT, its browser and code generator into one desktop app

OpenAI is developing a “super app” for desktop that unifies ChatGPT, its browser and its Codex app, according to the Wall Street Journal and CNBC. A company spokesperson told the publications that ...