
Latest News

CVE-2025-64660: GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature over a network.

Microsoft Security Response Center

Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic targeting. The development is a sign that the lines between state-sponsored cyber attacks and kinetic warfare are increasingly blurring, necessitating the need for a new category of warfare, the tech giant's

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote access and control, per a new report from Acronis Threat Research Unit (TRU). The campaign, per the

Integrating Red Hat Lightspeed in 2025: From observability to actionable automation

Red Hat Lightspeed (formerly Red Hat Insights) has long helped operations teams detect risks, open tickets, and share findings with the right tools, connecting proactive intelligence to everyday workflows. Much has changed, not only in Red Hat Lightspeed itself, but also in how organizations are using it. Across industries, teams have built custom dashboards, reporting portals, and IT service management (ITSM) integrations powered by the Red Hat Lightspeed API. Others have connected Red Hat Lightspeed data into continuous integration and delivery (CI/CD) pipelines, monitoring environments, and

GHSA-f6x5-jh6r-wrfv: golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

GHSA-j5w8-q4qc-rx2x: golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Fortinet Woes Continue With Another WAF Zero-Day Flaw

A second zero-day vulnerability in its web application firewall (WAF) line has come under attack, raising more questions about the vendor's disclosure practices.

WIRED Roundup: DHS’s Privacy Breach, AI Romantic Affairs, and Google Sues Text Scammers

In this episode of Uncanny Valley, we discuss our scoop about how the Department of Homeland Security illegally collected Chicago residents’ data for months, as well as the news of the week.

Do National Data Laws Carry Cyber-Risks for Large Orgs?

When international corporations have to balance competing cyber laws from different countries, the result is fragmented, potentially vulnerable systems.

The AI Attack Surface: How Agents Raise the Cyber Stakes

Researcher shows how agentic AI is vulnerable to hijacking to subvert an agent's goals and how agent interaction can be altered to compromise whole networks.