access ai android api apple attack authentication backdoor breach business ceo china cisa cisco ciso cloud compliance control credentials crypto cve cyber cyberattack cybercrime cybersecurity data data-breach defense detection email exploit finance flaw framework fraud germany google governance government group hacker hacking healthcare identity infrastructure intelligence Internet jobs law leak linux malicious malware microsoft monitoring network open-source password phishing privacy ransomware remote-code-execution resilience risk russia scam service software strategy supply-chain technology theft threat tool unclassified update usa vulnerability windows zero-day
-
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks.The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection guarantees. Lockdown Mode is available to logged-in users across Free, Go, Plus,…
-
Critical Everest Forms Pro flaw exploited to take over WordPress sites
Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-everest-forms-pro-flaw-exploited-to-take-over-wordpress-sites/ also interesting: WordPress Motors theme flaw mass-exploited to hijack admin accounts Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme Hackers…
-
‘Immediate national priority’: ministers accused of complacency over UK food supply
Cold storage and logistics body warns food supplies at risk from fuel shortages, cyber attacks and extreme weatherMinisters have been accused of being complacent about the risks to vital supplies of food into the UK amid concerns over fuel shortages, cyber attacks and extreme weather.The trade body for cold storage and logistics has urged the…
-
AI-Powered Penetration Testing with Metasploit
Overview This article documents an end-to-end agentic penetration test. Claude Desktop, connected to the Metasploit Framework through the Model Context Protocol (MCP), turns plain-English tasks First seen on hackingarticles.in Jump to article: www.hackingarticles.in/ai-powered-penetration-testing-with-metasploit/ also interesting: Hackers Turn Red Team AI Tool Into Citrix Exploit Engine Cybersecurity Snapshot: Top Guidance for Improving AI Risk Management, Governance…
-
Polizei nutzt Databroker: Überwachung ohne Richterbeschluss?
Tags: unclassifiedDie Polizei nutzt Databroker und kauft offenbar Standortdaten aus Apps. Datenschützer warnen vor Überwachung ohne Richterbeschluss. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/netzpolitik/polizei-nutzt-databroker-ueberwachung-ohne-richterbeschluss-329841.html also interesting: Skyscraper-high sewage plume erupts in Moscow Justiz-Kommunikation gestört: Mein Justizpostfach tagelang nicht verfügbar Bechtle geht auch für 2024 von Wachstum bei Umsatz und Ertrag aus TLS Certificates Renewal with…
-
Critical UniFi OS Auth Bypass Flaws Lead to Unauthenticated Root RCE
Ubiquiti has addressed three critical vulnerabilities within the UniFi OS Server that attackers can chain together to achieve unauthenticated remote code execution (RCE) with root privileges. Disclosed on May 21, 2026, via Security Advisory Bulletin 064 (SAB-064), the flaws are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. Each vulnerability carries a maximum CVSS 3.1 severity score…
-
China-Linked Espionage Cluster Deploys Custom ASPX/ASHX Shells on IIS
A previously disclosed China-linked threat cluster, tracked as OP-512, has been observed deploying a purpose-built web shell framework to compromise Internet Information Services (IIS) servers. Identified by ReliaQuest, the espionage operation targeted a Windows Server 2016 environment running an end-of-life .NET Framework 4.0. Telemetry revealed the threat actors established access 75 days prior to the…
-
Crypto-Funded Chinese Peptide Labs Are Booming
Plus: Hackers use Meta’s AI bots to hack Instagram accounts, Anthropic helps NSA hackers, a decades-long GPS satellite mystery may have been solved, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-crypto-funded-chinese-peptide-labs-are-booming/ also interesting: Top 10 Cybersecurity Predictions for 2026 Jeffrey Epstein Had a ‘Personal Hacker,’ Informant Claims China-linked hackers target Taiwan chip firms…
-
Chinesische Hacker-Gruppe TA4922 steigert Angriffstempo auf Deutschland
Die chinesischsprachige Hacker-Gruppe TA4922 weitet ihre Angriffe massiv auf Europa aus und nutzt dafür KI-generierte Phishing-Kampagnen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/chinesische-hacker-gruppe-ta4922 also interesting: Online-Betrüger setzen auf KI und synthetische Identitäten Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors Deutschland größtes Hacker-Ziel in der EU Cybercrime Inc.: Wenn Hacker besser organsiert…
-
Malspam Campaign Abuses DoubleClick to Deploy Stealthy .NET Loader
A sophisticated new malspam campaign is actively exploiting Google’s DoubleClick ad-tracking infrastructure to bypass enterprise email security gateways. Discovered by researchers at Huntress, the attack utilizes highly personalized dynamic lures to initiate a complex, five-stage infection chain that actively dismantles local defenses before deploying process-hollowed payloads. The attack chain begins with a malicious HTML attachment,…
-
CISA Alerts on Actively Exploited SolarWinds Serv-U Denial-of-Service Flaw
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, risk, service, threat, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability in SolarWinds Serv-U to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-28318, this flaw allows unauthenticated threat actors to remotely crash the file transfer service. With active exploitation observed in the wild, this development signals a severe risk to enterprise…
-
Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub token.”Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones,” security researcher Ammar Askar said.GitHub supports…
-
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
Tags: cisa, cve, cybersecurity, dos, exploit, flaw, infrastructure, kev, service, software, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash First seen on thehackernews.com…
-
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry.The company, the successor to Luminati, operates what it calls the largest residential…
-
UNC3753 Targets US Law Firms with Vishing, RMM Tools, and Physical Break-Ins
Threat cluster UNC3753, widely tracked as Silent Ransom Group or Luna Moth, is actively targeting professional, legal, and financial services in the United States. According to Mandiant’s Google Threat Intelligence Group (GTIG), this financially motivated campaign leverages a highly effective combination of voice phishing, remote monitoring and management abuse, and unprecedented physical office intrusions. Attackers…
-
Keyfactor erneut in Inc. Best Workplaces 2026 aufgenommen
Tags: unclassifiedUnternehmenskultur zum echten Wettbewerbsfaktor. Für Keyfactor ist die sechste Auszeichnung in Folge mehr als ein Employer-Branding-Erfolg. Sie unterstreicht, dass Digital Trust nicht nur eine technische Disziplin ist. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/keyfactor-erneut-in-inc-best-workplaces-2026-aufgenommen/a45390/ also interesting: Would you like an audio recording with that? McDonalds records conversations for Quality Assurance Purposes: … Yahoo! Japan…
-
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
Microsoft’s GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign.The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per OpenSourceMalware. The development has GitHub to disable access to those repositories.”Access to this First seen on thehackernews.com Jump…
-
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent.The same week, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a…
-
Claude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Someone Already Used It.
Claude Opus 4.8 helped uncover a four-year-old critical flaw in Zcash that could have enabled undetectable creation of counterfeit coins. On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He…
-
Claude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Someone Already Used It.
Claude Opus 4.8 helped uncover a four-year-old critical flaw in Zcash that could have enabled undetectable creation of counterfeit coins. On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He…
-
Deutschlands digitale Identität vor der europäischen Wende
AMLR, EUDI-Wallet und wachsende Betrugsrisiken verändern digitale Identitätsprozesse. Für Unternehmen und öffentliche Stellen wird entscheidend, etablierte Verfahren und neue europäische Vertrauensdienste sicher miteinander zu verbinden. Deutschland verfügt über etablierte und regulierte Verfahren für die digitale Identitätsprüfung. Videoidentifikationsverfahren ermöglichen es insbesondere Banken, Fintechs und anderen regulierten Unternehmen, Personen bei digitalen Registrierungs- und Vertragsabschlussprozessen aus der… First…
-
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited No Patch Available
Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation.The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types – On-Prem Deployment Cisco SD-WAN Cloud-Pro Cisco SD-WAN Cloud (Cisco Managed) Cisco SD-WAN for Government (FedRAMP)”A…
-
Stock exchange executive’s Outlook mailbox stolen over course of 5 months
Tags: breachFirst seen on scworld.com Jump to article: www.scworld.com/news/stock-exchange-executives-outlook-mailbox-stolen-over-course-of-5-months also interesting: Staying Safe During Amazon Prime Day Payment gateway data breach affects 1.7 million credit card owners Florida Department of Health Informs RansomHub Hack Victims ADT Breach Exposes Data of 5.5 Million Customers, ShinyHunters Likely Behind Attack
-
U.S. sanctions Iran’s largest crypto exchange Nobitex for facilitating terrorism financing
First seen on scworld.com Jump to article: www.scworld.com/brief/u-s-sanctions-irans-largest-crypto-exchange-nobitex-for-facilitating-terrorism-financing also interesting: Cybersecurity Snapshot: U.S. Gov’t Urges Adoption of Memory-Safe Languages and Warns About Iran Cyber Threat Iranian Hackers Tried to Give Hacked Trump Campaign Emails to Dems Israel-tied Predatory Sparrow hackers are waging cyberwar on Iran’s financial system The U.S. sanctions Nobitex crypto exchange used by…
-
US agencies warn of hackers targeting fuel tank monitoring systems
First seen on scworld.com Jump to article: www.scworld.com/brief/us-agencies-warn-of-hackers-targeting-fuel-tank-monitoring-systems also interesting: 8 security risks overlooked in the rush to implement AI Hackers use Vishing to breach Salesforce customers and swipe data Der Raspberry-Pi-Weckruf für CISOs Hackers turn bossware against the bosses
-
The Trump AI EO strikes a compromise to balance innovation with accountability
Tags: aiFirst seen on scworld.com Jump to article: www.scworld.com/perspective/the-trump-ai-eo-strikes-a-compromise-to-balance-innovation-with-accountability also interesting: SugarGh0st RAT Variant Used in Targeted AI Industry Attacks ISMG Editors: Social Engineering, Election Defense in AI Era Review: The Developer’s Playbook for Large Language Model Security Intergenerational Mentoring: Key to Cybersecurity’s AI Future
-
Ultrahuman reports customer wellness data accessed in breach
First seen on scworld.com Jump to article: www.scworld.com/brief/ultrahuman-reports-customer-wellness-data-accessed-in-breach also interesting: NASA laptop with unencrypted data stolen from vehicle UK’s Legal Aid Agency discloses a data breach following April cyber attack Hackers are sending extortion emails to executives after claiming Oracle apps’ data breach Defenders fall behind, as AI rewrites the rules of a data breach
-
AI is shrinking the attack window. MSSPs need faster exposure decisions
First seen on scworld.com Jump to article: www.scworld.com/news/seemplicity-helps-security-teams-mssps-catch-up-with-ai-powered-attackers also interesting: CISOs’ top 12 cybersecurity priorities for 2025 What Tackling the SaaS Security Problem Means to Me 6 key trends redefining the XDR market Exposure Management Beyond The Endpoint
-
AI is shrinking the attack window. MSSPs need faster exposure decisions
First seen on scworld.com Jump to article: www.scworld.com/news/seemplicity-helps-security-teams-mssps-catch-up-with-ai-powered-attackers also interesting: What Tackling the SaaS Security Problem Means to Me 6 key trends redefining the XDR market Exposure Management Beyond The Endpoint Exposure Management Beyond The Endpoint
-
NetApp and Cisco expand FlexPod for enterprise AI infrastructure
First seen on scworld.com Jump to article: www.scworld.com/brief/netapp-and-cisco-expand-flexpod-for-enterprise-ai-infrastructure also interesting: 6 hot cybersecurity trends G42 and Cisco expand strategic partnership to drive AI innovation and infrastructure growth OAuth token compromise hits Salesforce ecosystem again, Gainsight impacted 7 top cybersecurity projects for 2026
-
Netskope launches AI Command Center for AI discovery and risk response
First seen on scworld.com Jump to article: www.scworld.com/brief/netskope-launches-ai-command-center-for-ai-discovery-and-risk-response also interesting: Consumers continue to overestimate their ability to spot deepfakes SIEM, Startups, and the Myth (Reality?) of IT Inertia: A Reformed Analyst Reflects on SIEM MQ 2025 Why key management becomes the weakest link in a post-quantum and AI-driven security world Claude Code Security: Why the…
-
Netskope launches AI Command Center for AI discovery and risk response
First seen on scworld.com Jump to article: www.scworld.com/brief/netskope-launches-ai-command-center-for-ai-discovery-and-risk-response also interesting: Consumers continue to overestimate their ability to spot deepfakes SIEM, Startups, and the Myth (Reality?) of IT Inertia: A Reformed Analyst Reflects on SIEM MQ 2025 Why key management becomes the weakest link in a post-quantum and AI-driven security world Claude Code Security: Why the…
-
Netskope launches AI Command Center for AI discovery and risk response
First seen on scworld.com Jump to article: www.scworld.com/brief/netskope-launches-ai-command-center-for-ai-discovery-and-risk-response also interesting: Consumers continue to overestimate their ability to spot deepfakes SIEM, Startups, and the Myth (Reality?) of IT Inertia: A Reformed Analyst Reflects on SIEM MQ 2025 Why key management becomes the weakest link in a post-quantum and AI-driven security world Claude Code Security: Why the…
-
Microsoft introduces execution containers for AI agents
First seen on scworld.com Jump to article: www.scworld.com/brief/microsoft-introduces-execution-containers-for-ai-agents also interesting: SIEM-Kaufratgeber Thales Named a Leader in the Data Security Posture Management Market 10 promising cybersecurity startups CISOs should know about 10 promising cybersecurity startups CISOs should know about
-
New malspam campaign uses Google DoubleClick to deliver DesckVB RAT
First seen on scworld.com Jump to article: www.scworld.com/brief/new-malspam-campaign-uses-google-doubleclick-to-deliver-desckvb-rat also interesting: SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 62 Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data New Phishing Campaign Exploits Google Storage to Deliver Remcos RAT
-
WordPress Kirki plugin vulnerability allows account takeover
First seen on scworld.com Jump to article: www.scworld.com/brief/wordpress-kirki-plugin-vulnerability-allows-account-takeover also interesting: Jetpack Addresses Critical WordPress Plugin Vulnerability WordPress Plugin Flaw Exposes 40,000+ Websites to Cyber Attack WordPress Plugin Vulnerability Exposes 3 Million Websites to Injection Attacks Critical Kirki flaw exploited to hijack WordPress admin accounts
-
MSPs get a simpler way to deploy network security
First seen on scworld.com Jump to article: www.scworld.com/news/msps-get-a-simpler-way-to-deploy-network-security also interesting: Acronis warns MSPs to check tools sitting on their networks 6 key trends redefining the XDR market Singapore issues critical alert on Dire Wolf ransomware targeting global tech and manufacturing firms 5 key trends reshaping the SIEM market
-
What Is Agentic Identity and AI Identity Governance?
First seen on scworld.com Jump to article: www.scworld.com/tech-explainer/what-is-agentic-identity-and-ai-identity-governance also interesting: Why identity security is your best companion for uncharted compliance challenges 13 Produkt-Highlights der Black Hat USA 6 key trends reshaping the IAM market Why CISOs Need to Start Taking AI Third-Party Risk Seriously
-
How MSPs can turn observability into a billable service
First seen on scworld.com Jump to article: www.scworld.com/news/how-msps-can-turn-observability-into-a-billable-service also interesting: Sophos rolls out MSP Elevate Are You Ready to Offer DSPM-as-a-Service? Why MSPs and MSSPs Need to Think Data-First Turning Email Authentication into a Revenue Engine: Why Australian MSPs Can’t Afford to Ignore DMARC-as-a-Service Proofpoint Ramping Up Big MSP Growth Push In North America: Exec
-
Optiv launches AI-driven partner portal with Channelscaler
Tags: aiFirst seen on scworld.com Jump to article: www.scworld.com/brief/optiv-launches-ai-driven-partner-portal-with-channelscaler also interesting: The Future of Multi-Factor Authentication in an AI-Driven Content Marketing Agency SIEM, Startups, and the Myth (Reality?) of IT Inertia: A Reformed Analyst Reflects on SIEM MQ 2025 Why key management becomes the weakest link in a post-quantum and AI-driven security world Claude Code Security:…
-
JupiterOne adds Continuous Controls Monitoring for security and compliance teams
First seen on scworld.com Jump to article: www.scworld.com/brief/jupiterone-adds-continuous-controls-monitoring-for-security-and-compliance-teams also interesting: Why identity security is your best companion for uncharted compliance challenges Cybersecurity in the supply chain: strategies for managing fourth-party risks Avoiding the next technical debt: Building AI governance before it breaks How orphaned applications are quietly fueling your shadow IT problem
-
Cyber insurance readiness is an MSSP service opportunity
First seen on scworld.com Jump to article: www.scworld.com/news/cyber-insurance-readiness-is-an-mssp-service-opportunity also interesting: 12 cyber industry trends revealed at RSAC 2026 The State of Digital Trust in 2025 Consumers Still Shoulder the Responsibility Thales named a 2026 Google Partner of the Year Infrastructure Modernization: Sovereign Cloud Category MSSPs see new opportunity as CrowdStrike extends QuiltWorks to cyber insurance
-
What Is Non-Human Identity Management?
Tags: identityFirst seen on scworld.com Jump to article: www.scworld.com/tech-explainer/what-is-non-human-identity-management also interesting: An identity defenders’ worst nightmare? Initial Access Brokers and here is why Security researchers caution app developers about risks in using Google Antigravity EU Age Verification App Breached in Just 2 Minutes, Researchers Claim Adaptive Security Leadership in an Expanding Threat Surface
-
9.8 Mirasvit bug actively exploited on Magento servers
Tags: exploitFirst seen on scworld.com Jump to article: www.scworld.com/news/98-mirasvit-bug-actively-exploited-on-magento-servers also interesting: NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers Source code and vulnerability info stolen from F5 Networks AppsFlyer SDK Exploited in New Supply Chain Crypto Attack Phishing and MFA exploitation: Targeting the keys to the kingdom
-
World Food Programme reports data breach affecting Palestinian beneficiaries
First seen on scworld.com Jump to article: www.scworld.com/brief/world-food-programme-reports-data-breach-affecting-palestinian-beneficiaries also interesting: Iranian Intel-Linked Cybersecurity School Hit by Data Breach French agency Pajemploi reports data breach affecting 1.2M people LeakyLooker: Hacking Google Cloud’s Data via Dangerous Looker Studio Vulnerabilities Breach Roundup: Shai-Hulud Copycat Hits npm
-
DentaQuest data breach exposes sensitive information of 2.6 million accounts
First seen on scworld.com Jump to article: www.scworld.com/brief/dentaquest-data-breach-exposes-sensitive-information-of-2-6-million-accounts also interesting: Disney ditching Slack after massive July data breach 20th January Threat Intelligence Report Pi-hole Data Breach Exposes Donor Emails Through WordPress Plugin Flaw The Third-Party Ripple: Stopping Supply Chain and Vendor Breaches
-
DentaQuest data breach exposes sensitive information of 2.6 million accounts
First seen on scworld.com Jump to article: www.scworld.com/brief/dentaquest-data-breach-exposes-sensitive-information-of-2-6-million-accounts also interesting: Alleged Heineken Data Breach Potentially Impacts Over 8,000 Employees Another Salesforce-linked data breach has ShinyHunters’ fingerprints all over it ManoMano data breach impacted 38 Million customer accounts Charter confirms data breach after ShinyHunters extortion threat
-
DentaQuest data breach exposes sensitive information of 2.6 million accounts
First seen on scworld.com Jump to article: www.scworld.com/brief/dentaquest-data-breach-exposes-sensitive-information-of-2-6-million-accounts also interesting: Alleged Heineken Data Breach Potentially Impacts Over 8,000 Employees Another Salesforce-linked data breach has ShinyHunters’ fingerprints all over it ManoMano data breach impacted 38 Million customer accounts Charter confirms data breach after ShinyHunters extortion threat
-
DentaQuest data breach exposes sensitive information of 2.6 million accounts
First seen on scworld.com Jump to article: www.scworld.com/brief/dentaquest-data-breach-exposes-sensitive-information-of-2-6-million-accounts also interesting: Alleged Heineken Data Breach Potentially Impacts Over 8,000 Employees Another Salesforce-linked data breach has ShinyHunters’ fingerprints all over it ManoMano data breach impacted 38 Million customer accounts Charter confirms data breach after ShinyHunters extortion threat
-
Fake document marketplace aiding migrant smuggling dismantled in Spain
Tags: marketplaceFirst seen on scworld.com Jump to article: www.scworld.com/brief/fake-document-marketplace-dismantled-in-spain-aiding-migrant-smuggling also interesting: IRONSCALES + Sherweb: Delivering Smarter, Scalable MSP Email Security North Korean IT Workers Use VPNs and Laptop Farms to Evade Identity Verification Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack Three Arrested for Hacking Over 610,000 Roblox Accounts