Malicious VSCode extensions on Microsoft's registry drop infostealers

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing ...

How to Spot a ‘Sleeper’ Browser Extension That’s Actually Malware

Malicious extensions occasionally find their way into the Chrome Web Store (and similar libraries in other browsers) by posing as legitimate add-ons. Some of them only morph into malware after gaining ...
SecurityWeek

Critical Apache Tika Vulnerability Leads to XXE Injection

CVE-2025-66516 is a critical Apache Tika vulnerability can be exploited on all platforms in XXE injection attacks via crafted ...