
Daily Cybersecurity Roundup, November 10, 2025

Looks like the GlassWorm is back to burrow through developer ecosystems again—this time wriggling into the OpenVSX marketplace with malicious VSCode extensions that have already snared over 10,000 downloads. Meanwhile, researchers uncovered Whisper Leak, a side-channel attack that infers AI chat topics from encrypted traffic, threatening sectors like healthcare and journalism. Adding to the wave, VIPRE’s Q3 2025 Email Threat Report shows attackers exploiting Outlook and Google mailboxes, with 90.5% of phishing links using open redirects, new domains fueling attacks, and BEC comprising 51% of malicious emails targeting executives. Continue reading for more.

01

GlassWorm malware has reemerged in the OpenVSX marketplace through three malicious VSCode extensions, downloaded over 10,000 times, using Solana transactions to steal credentials, crypto wallets, and GitHub data.

02

Researchers uncovered Whisper Leak, a side-channel attack that infers language-model conversation topics from encrypted network traffic by analyzing packet sizes and timings during streaming responses.

03

Nine malicious NuGet packages have been discovered that use time-delayed destructive payloads targeting databases and industrial control systems, exploiting trust via legitimate functions and typosquatting to evade detection.

04

VIPRE’s Q3 2025 Email Threat Report reveals that threat actors increasingly exploit Outlook and Google mailboxes, with 90.5% of phishing links using open redirects, a surge in new domains fueling attacks, and BEC accounting for 51% of malicious emails targeting executives.

05

A zero-day vulnerability in Samsung's Android image processing library (CVE-2025-21042) was exploited to deploy the spyware 'LandFall' via malicious images sent through WhatsApp.

06

Monsta FTP, a web-based file management application, was found to have a critical security vulnerability (CVE-2025-34299) that allows hackers to fully take over web servers via Remote Code Execution (RCE).

07

QNAP patched over two dozen vulnerabilities, including seven demonstrated at Pwn2Own Ireland 2025, which could lead to remote code execution, information disclosure, and DoS conditions.

08

State-sponsored KONNI APT actors launched a cyberattack on South Korean Android users, disguising malware as relaxation apps and exploiting Google’s Find Hub to remotely wipe sensitive data.

09

Pentera, a company focused on AI-powered Security Validation, has acquired EVA Information Security, a firm specializing in AI red teaming and penetration testing.

10

IT service management company Hexaware acquired CyberSolve, a global identity and access management (IAM) solutions provider.
