
Daily Cybersecurity Roundup, April 08, 2025

CAPTCHAs are supposed to keep you safe, not lure you into a trap. A new campaign is using fake CAPTCHA challenges to push LegionLoader onto unsuspecting users. What looked like handy developer tools turned out to be miners in disguise. Nine malicious extensions were uncovered on the VSCode Marketplace, posing as legitimate utilities while secretly running the XMRig miner. A supply chain attack is targeting the builders, not just the users. Researchers identified two Python packages aimed at cryptocurrency app developers, designed to swipe sensitive database files. Read on for more.

01

Netskope discovered a new malicious campaign that uses fake CAPTCHAs and Cloudflare Turnstile to trick victims into downloading LegionLoader, which leads to the installation of a malicious browser extension.

02

Nine malicious extensions were discovered on Microsoft's VSCode Marketplace, posing as legitimate tools while secretly installing the XMRig cryptominer to mine Ethereum and Monero, with over 300,000 installs since April 4.

03

The latest version of Neptune RAT has been discovered; it has been proliferating across GitHub, Telegram, and YouTube and targets Windows users.

04

The PoisonSeed campaign is targeting enterprise organizations, VIP individuals, and cryptocurrency holders by compromising CRM and bulk email providers and deploying a novel crypto seed phrase phishing attack.

05

An ongoing phishing campaign impersonating toll agencies like E-ZPass has surged, with recipients receiving multiple texts designed to steal personal and credit card information.

06

ReversingLabs discovered a sophisticated software supply chain attack that targeted cryptocurrency application developers, involving two malicious Python packages designed to steal sensitive database files.

07

Google has patched 62 vulnerabilities, including two high-severity ones that have been exploited in the wild, as part of its April 2025 security update.

08

A severe RCE vulnerability (CVE-2025-2945) in pgAdmin, which could allow authenticated users to execute arbitrary commands on affected systems, has been patched.

09

The Everest ransomware gang's dark web leak site was seemingly hacked over the weekend by an unidentified attacker, causing it to go offline.

10

Cybersecurity startup Qevlar raised $10 million in new funding from EQT Ventures and Forgepoint Capital International, bringing total funds raised to $14 million.
