CSO Online

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Gemini panel in Chrome left the doors open for hackers, and you must update ASAP

Researchers discovered a Chrome vulnerability that allowed malicious extensions to hijack the Gemini AI panel and access sensitive system resources.

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
The Hacker News

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.

Newark toddler's death prompts new legislation strengthening N.J.'s apartment window guard law

A New Jersey toddler's death after falling more than 20 stories​ has prompted new legislation designed to ensure windows are properly guarded in apartment buildings across the state.
WinBuzzer

Windows 11: Microsoft Copilot Will Bypass Your Default Browser

Microsoft has updated Copilot on Windows to open web links in an in-app side pane, bypassing users' default browser settings without offering an opt-out.