Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Researchers disclosed multiple serious vulnerabilities in four widely used Microsoft Visual Studio Code extensions that collectively have over 125 million installs. The flaws could let attackers exfiltrate local files and run arbitrary code on developer machines. Users are urged to audit installed extensions and apply patches or remove risky ones until fixes are available.
Microsoft 365 Copilot Vulnerability Exposes Sensitive Emails to AI Summarization
A security bug in Microsoft 365 Copilot lets the AI assistant summarize emails that are marked confidential and protected by DLP controls. This undermines expected data governance and could expose sensitive business information to unauthorized AI processing. Microsoft says a fix is rolling out, but admins should verify controls are enforcing as intended.
Chip Testing Giant Advantest Hit by Ransomware
Advantest Corporation, a major player in semiconductor test equipment, confirmed it has been hit by a ransomware attack. The company is investigating whether customer or employee data was stolen. This adds to a trend of ransomware targeting the semiconductor supply chain and could have ripple effects across manufacturing partners.
Fake Milano Cortina Sites Target Thousands with Discount Scams
Security researchers uncovered a wave of scam sites mimicking the official Milano Cortina 2026 merchandise store to trick shoppers with deep discounts. The fraudulent platforms were pushed through ads on social media, aiming to harvest payment and personal information. Consumers should verify official domains and avoid deals that seem too good to be true.
youX Data Breach Exposes 444k Australians’ Personal Info
Finance technology firm youX suffered a breach that allowed unauthorized access to extensive personal and financial data of over 444,000 Australian users. The exposed information includes government ID numbers, addresses, and credit details tied to hundreds of lenders. youX has engaged external investigators and begun notifying affected individuals.
Vast Majority of Breaches Enabled by Preventable Gaps, Identity Weaknesses Says Palo Alto Networks
A new report from Palo Alto Networks’ Unit 42 found that most breaches in late 2024–2025 stemmed from avoidable issues like weak identity controls and misconfigurations. Identity-based attacks such as phishing and stolen credentials were dominant, with cloud identity overpermissiveness a significant factor. The report highlights the need for tighter identity hygiene and automated security practices.
FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025
The FBI issued a bulletin detailing nearly 1,900 ATM jackpotting cases since 2020, with attackers using malware and physical tampering to force dispensations. Losses in 2025 alone topped $20 million. The increase underscores ongoing threats to financial infrastructure and the need for improved physical and software protections around ATMs.
