Rogue Outlook Add-in "AgreeTo" Transforms into Potent Phishing Kit, Exfiltrating 4,000 Credentials and Payment Data
Abandoned Outlook add-in "AgreeTo" became a sophisticated phishing kit, stealing 4,000 credentials and payment data.
GitHub Codespaces: Unmasking RCE Vulnerabilities via Malicious Repository Injections
Deep dive into RCE threats in GitHub Codespaces, detailing attack vectors, exploitation, and robust mitigation strategies.
New GlassWorm Attack Leverages Compromised OpenVSX Extensions to Target macOS Developers and Crypto Assets
GlassWorm's new macOS attack exploits compromised OpenVSX extensions, stealing passwords, crypto-wallet data, and developer credentials.
Unmasking the ClawHub Threat: 341 Malicious Skills Jeopardize OpenClaw Users with Data Theft Campaigns
Koi Security uncovers 341 malicious ClawHub skills, exposing OpenClaw users to supply chain data theft risks.
Unmasking the Architects: Who Operates the Badbox 2.0 Botnet?
Kimwolf botnet claims compromise of Badbox 2.0 C2, potentially revealing operators of the vast Android TV box botnet.
ISC Stormcast Review: Navigating the Evolving Phishing Landscape of Early 2026
Analyzing the ISC Stormcast from Jan 26, 2026, focusing on advanced phishing, supply chain threats, and crucial defenses.
Elevated Risk: Unmasking Automatic Script Execution Vulnerabilities in Visual Studio Code
Deep dive into automatic script execution risks in VS Code, exploring attack vectors, mitigations, and the critical need for vigilance.
ISC Stormcast Review: Navigating 2026's Evolving Cyber Threat Landscape
Deep dive into ISC Stormcast's January 21, 2026 episode, covering AI-driven threats, supply chain risks, and proactive defense.