Posts

Malicious VSCode Marketplace extensions hid trojan in fake PNG file

A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with malware hidden inside dependency folders. The malicious activity was uncovered recently, and security researchers found that the operator used a malicious file posing as a .PNG image. The VSCode Marketplace is Microsoft’s official extensions portal for the widely used VSCode integrated development environment (IDE), allowing developers to extend its functionality or add visual customizations. Due to its popularity and potential for high-impact supply-chain attacks, the platform is constantly targeted by threat actors with evolving campaigns. ReversingLabs, a company specializing in file and software supply-chain security, found that the malicious extensions come pre-packaged with a ‘node_modules’ folder to prevent VSCode from fetching dependencies from the npm registry when installing them. Inside the bundled folder, th...

Researchers Expose Cheap Online Fraud Loophole

Introduction: A Vulnerability Hidden in Plain Sight

Online platforms increasingly rely on verification systems to stop fake accounts and fraudulent activities. Yet a new study by University of Cambridge researchers reveals that one of the most widely used security methods, SMS verification, can be bypassed for just a few cents, calling into question the effectiveness of this defense. Their findings highlight a growing challenge in the fight against online fraud.

SMS Verification: Not as Secure as We Think

Most websites, apps, and social platforms request a phone number and send a one-time SMS code during registration. This method is supposed to prove that a user is legitimate. However, the Cambridge team found that cheap disposable phone numbers can bypass this process entirely, making it extremely easy for fraudsters to operate at scale. Key points from the research: Fake accounts can be created using SMS activation services for less than 30 cents per number. In some...

New DroidLock malware locks Android devices and demands a ransom

A newly discovered Android malware dubbed DroidLock can lock victims’ screens for ransom and access text messages, call logs, contacts, audio recordings, or even erase data. DroidLock allows its operator to take complete control of the device via the VNC sharing system and can steal the device lock pattern by placing an overlay on the screen. According to researchers at mobile security company Zimperium, the malware targets Spanish-speaking users and is distributed through malicious websites promoting fake applications that impersonate legitimate packages. In a report today, Zimperium says that the "infection starts with a dropper that deceives the user into installing the secondary payload that contains the actual malware." The malicious apps introduce the main payload via an update request and then ask for Device Admin and Accessibility Services permissions, which let it perform fraudulent activities. Some of the actions it can take are ...

Government Issues Chrome Security Alert

Introduction

Cybersecurity threats are growing at a rapid pace, and even the world’s most widely used web browser is not immune. Recently, government cybersecurity authorities issued an urgent alert advising all Google Chrome users to update their browser immediately. This warning follows the discovery of several critical vulnerabilities in Chrome that could put millions of users at serious risk.

What Triggered the Warning?

India’s national cybersecurity agency, CERT-In, uncovered multiple high-severity security flaws affecting desktop versions of Google Chrome. These vulnerabilities are considered especially dangerous because they can be exploited remotely, without any direct user interaction. In other words, attackers could potentially compromise a device simply by getting a user to visit a malicious webpage. CERT-In reported that these issues could allow cybercriminals to: Execute harmful code on a victim’s device; Gain unauthorized access to sensitive or personal info...

New NIS-2 Law in Germany Expands Cybersecurity Oversight and Introduces Heavy Fines

Germany is taking decisive steps to strengthen its cybersecurity framework following the rise of digital threats. Last month, the Bundestag adopted the NIS-2 Implementation Act, translating the EU NIS-2 Directive (Directive (EU) 2022/2555) into national law. Published in the Federal Law Gazette on 5 December 2025 and in force since 6 December 2025, the Act modernizes the country’s IT security legislation and broadens the range of entities subject to regulatory oversight. The Federal Office for Information Security (BSI) is tasked with supervision and enforcement under the Act, coordinating cybersecurity across federal agencies in its role as the CISO Bund. The law applies to industrial production, including electronics, machinery, vehicles, and other transport systems. Obligations generally target companies with at least 50 employees or that meet specific revenue and balance sheet thresholds. Certain sensitive sectors, such as telecommunications and digital services, ...

Geopolitics and Cyber Risk: How Global Tensions Shape the Attack Surface

Geopolitics has become a significant risk factor for today’s organizations, transforming cybersecurity into a technical and strategic challenge heavily influenced by state behavior. International tensions and the strategic calculations of major cyber powers, including Russia, China, Iran, and North Korea, significantly shape the current threat landscape. Businesses can no longer operate as isolated entities; they now function as interconnected global ecosystems where employees, suppliers, cloud workloads, supply chains, and data flows intersect across multiple jurisdictions, each with its own unique set of political risks. A region considered low-risk last month could become a high-risk zone overnight if a diplomatic dispute escalates. An overseas development team could suddenly become vulnerable if that region experiences sanctions, stricter regulations, or state pressure on the workforce. Many organizations still underestimate this dynamic reality, relying on static risk models that ...

Why Lateral Movement Is Still the Cyber Threat You Shouldn’t Ignore

Most businesses treat breaches as perimeter problems — patch the firewall, update the antivirus, sleep better at night. But the real threat isn’t how attackers get in — it’s what they do after they’re already inside. That’s the brutal reality of lateral movement, and a recent Global Cloud Detection and Response Report confirms it remains the toughest threat for security teams to spot and stop. Lateral movement isn’t just a fancy buzzword — it’s the phase of a cyberattack where an intruder navigates sideways across systems after gaining initial access. Instead of blasting past perimeter defenses, they quietly escalate privileges, harvest credentials, and hop from one asset to the next. Attackers use legitimate credentials and built-in tools like PowerShell, RDP or SMB to mask their activity, making them extremely difficult to detect. Why does this matter? Because once attackers move laterally: They can reach your crown jewels — databases, domain controllers, backups. Huntress...