A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines. “We discovered that flawed verification checks in Visual Studio Code allow publishers to add functionality […]
Author Archives: Onsite Computing, Inc.
Esse Health, a healthcare provider based in St. Louis, Missouri, is notifying over 263,000 patients that their personal and health information was stolen in an April cyberattack. […] Go to Source Author: Sergiu Gatlan
Building automation giant Johnson Controls is notifying individuals whose data was stolen in a massive ransomware attack that impacted the company’s operations worldwide in September 2023. […] Go to Source Author: Sergiu Gatlan
Despite years of investment in Zero Trust, SSE, and endpoint protection, many enterprises are still leaving one critical layer exposed: the browser. It’s where 85% of modern work now happens. It’s also where copy/paste actions, unsanctioned GenAI usage, rogue extensions, and personal devices create a risk surface that most security stacks weren’t designed to handle. […]
Google has released emergency updates to patch another Chrome zero-day vulnerability exploited in attacks, marking the fourth such flaw fixed since the start of the year. […] Go to Source Author: Sergiu Gatlan
Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine. “Type confusion in V8 in Google Chrome prior to 138.0.7204.96 […]
The U.S. Department of Justice (DoJ) on Monday announced sweeping actions targeting the North Korean information technology (IT) worker scheme, leading to the arrest of one individual and the seizure of 29 financial accounts, 21 fraudulent websites, and nearly 200 computers. The coordinated action saw searches of 21 known or suspected “laptop farms” across 14 […]
Microsoft has said that it’s ending support for passwords in its Authenticator app starting August 1, 2025. The changes, the company said, are part of its efforts to streamline autofill in the two-factor authentication (2FA) app. “Starting July 2025, the autofill feature in Authenticator will stop working, and from August 2025, passwords will no longer […]
U.S. cyber agencies, the FBI, and NSA issued an urgent warning today about potential cyberattacks from Iranian-affiliated hackers targeting U.S. critical infrastructure. […] Go to Source Author: Lawrence Abrams
Microsoft has called the hacker collective one of the most dangerous current cyberthreats. Go to Source Author: Jai Vijayan, Contributing Writer