New ClickFix attacks abuse Windows App-V scripts to push malware

A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...
GitHub

File identification library for Rust.

Given a file (or some information about a file), return a set of standardized tags identifying what the file is. This is a Rust port of the Python identify library. What is the type: file, symlink, ...
GitHub

Obsidian Double Extension Blocker

In Obsidian, when an attachment file such as a .jpg cannot be found in the Vault, it becomes an "unresolved link." When this link is opened, an undesired markdown file with an extension like .jpg.md ...

Browser extension malware infected 8.8M users in DarkSpectre attack

Browser extensions turned malicious after years of legitimate operation in DarkSpectre campaign affecting millions. The threat group hid malware in image files.
The Hacker News

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

Users of the "@adonisjs/bodyparser" npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could ...