Hackers exploit unpatched Gogs zero-day to breach 700 servers

An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code ...
The Hacker News

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

Storm-0249 now employs ClickFix, fileless PowerShell, and DLL sideloading to gain stealthy access that enables ransomware ...
Hackaday

This Week In Security: React, JSON Formatting, And The Return Of Shai Hulud

After a week away recovering from too much turkey and sweet potato casserole, we’re back for more security news! And if you ...

How to Spot a ‘Sleeper’ Browser Extension That’s Actually Malware

Malicious extensions occasionally find their way into the Chrome Web Store (and similar libraries in other browsers) by posing as legitimate add-ons. Some of them only morph into malware after gaining ...

Complete Crawler List For AI User-Agents [Dec 2025]

Use server logs, user agent strings, and IP verification to manage GPT, Claude, Gemini, and more while protecting bandwidth ...
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors are still abusing Visual Studio Code extensions as an entry point, with the latest fake Prettier incident ...