SecurityWeek

Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters

PeopleSoft vulnerability mitigated by Oracle this week has been exploited by ShinyHunters as a zero-day to steal data from ...
CSO Online

Oracle PeopleSoft zero‑day fuels ShinyHunters extortion spree

Attackers leveraged a critical unauthenticated RCE bug to breach higher‑ed institutions, deploy stealth remote access tools, ...
The Hacker News

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

VS Code 1.123 adds a two-hour delay before extensions auto-update to newer versions when automatic updates are enabled.
Morning Overview on MSN

OpenAI struck a deal to run its models and Codex tool across Oracle’s cloud

OpenAI has agreed to deploy its AI models and its Codex coding assistant across Oracle’s cloud infrastructure, a deal that ...
Bleeping Computer

CISA flags two-year-old Oracle flaw as actively exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched ...
Infosecurity-magazine.com

GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

GitHub has confirmed that a recent breach into its internal repositories was caused by a vulnerability in a Microsoft Visual Studio Code (VS Code) extension called ‘Nx Console.’ The security team at ...
Guru3D.com

Malicious VS Code Extension Linked to Theft of 3,800 GitHub Repositories

A reported software supply chain attack involving a malicious Visual Studio Code extension has exposed the growing security risks surrounding modern development environments. According to published ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Bleeping Computer

GitHub confirms breach of 3,800 repos via malicious VSCode extension

Update May 21: GitHub has now linked this breach to the TanStack npm supply-chain attack and says the employee installed a malicious version of the Nx Console extension. GitHub has confirmed that ...