Daily Cybersecurity Roundup, January 26, 2026

The global development community is facing a surge in high-sophistication threats as attackers weaponize AI and trusted platforms. The newly uncovered MaliciousCorgi campaign has compromised nearly 1.5 million developers through two malicious VSCode extensions. Simultaneously, a multi-stage phishing campaign is targeting Russian corporate entities to deploy a destructive combination of Amnesia RAT and ransomware. Further escalating this landscape, the North Korean threat actor Konni has launched Operation Poseidon, leveraging AI-generated PowerShell backdoors to target blockchain engineers in Japan, Australia, and India. Continue reading for more cybersecurity news.

01

Two malicious AI-based coding assistant extensions on VSCode Marketplace, installed 1.5 million times, were found stealing developer data. The extensions, part of the 'MaliciousCorgi' campaign, exfiltrate files and user data to China-based servers.

02

A multi-stage phishing campaign has been identified targeting users in Russia, utilizing ransomware and Amnesia RAT. The attack begins with social engineering tactics.

03

North Korean hacking group Konni has been observed using AI-generated PowerShell malware to target blockchain developers in Japan, Australia, and India.

04

A security flaw in the RealHomes CRM plugin, used on over 30,000 WordPress sites, allowed low-privileged users to upload malicious files and potentially take over affected sites.

05

The Russian hacking group Sandworm launched the largest cyberattack on Poland's power system in late December 2025, using a newly discovered wiper malware called DynoWiper.

06

CISA has confirmed the active exploitation of four vulnerabilities affecting enterprise software from Versa (CVE-2025-34026), Zimbra (CVE-2025-68645), Vite (CVE-2025-31125), and Prettier (CVE-2025-54313).

07

Hackers are exploiting a critical vulnerability in the GNU InetUtils telnetd server, allowing authentication bypass and root access. This flaw, present since 2015, especially affects legacy and industrial systems still using Telnet.

08

CISA has added a critical vulnerability, CVE-2024-37079, affecting VMware vCenter Server to its KEV catalog due to evidence of active exploitation. This flaw is part of a set of four vulnerabilities, including another heap overflow and a privilege escalation issue.

09

Microsoft researchers identified an AiTM phishing attack targeting energy sector organizations using SharePoint services to bypass email security.

10

The NHS released an open letter calling for enhanced cybersecurity standards among suppliers to address ransomware threats. The letter emphasizes direct engagement with suppliers to mitigate risks.
