Tracked as CVE-2021-22893, the vulnerability was made public in late April, after security researchers discovered that threat actors had already been exploiting it in attacks targeting organizations in the defense, financial, government, high tech, and transportation sectors in the U.S. and Europe. At the time, FireEye revealed that at least two Chinese threat actors believed…

Generally considered secure, VS Code extensions could expose millions of developers to malicious attacks, potentially leading to the compromise of information stored on developer machines, such as credentials, or even opening the route to further attacks. Snyk’s security researchers analyzed popular VS Code extensions that start web servers, which are typically accessible locally via a…

The number of coordinated inauthentic behavior (CIB) campaigns derailed at the leading social network ramped up each year since a Russia-linked operation to sway the outcome of the 2016 US presidential election put Facebook on the defensive. While those behind influence operations (IO) went unchecked on the playing field in 2016, Facebook has invested in…

The London, United Kingdom-based company leverages machine learning to prevent attacks that rely on email and social engineering. It describes its solution as “human layer security.” The company builds behavioral models for all employees and uses them to automatically detect security threats. Furthermore, by notifying employees of these issues, it aims to help improve individual…