VSCode extensions with 9 million installs pulled over security risks
Microsoft has removed two popular VSCode extensions, ‘Material Theme – Free’ and ‘Material Theme Icons – Free,’ from the Visual Studio Marketplace for allegedly containing malicious code. The two extensions have been downloaded nearly 9 million times in total, and users are now receiving alerts in VSCode that the extensions have been automatically disabled. The publisher, Mattia Astorino (aka equinusocio), has multiple extensions on the VSCode marketplace, totaling over 13 million installs.
Apple’s Find My network exploit lets hackers silently track any Bluetooth device
Apple’s Find My network lets users easily track their devices and accessories such as AirTag. However, despite having anti-stalking features, researchers at George Mason University recently discovered an exploit that lets hackers silently track any Bluetooth device through Apple’s network. As explained by the researchers in a blog post, they have essentially found a way to turn any device such as a phone or laptop into an AirTag “without the owner ever realizing it.” After that, hackers could remotely track the location of that device.
Chinese Cyber Espionage Jumps 150%, CrowdStrike Finds
High-profile campaigns like Volt Typhoon and Salt Typhoon made headlines in the past year, but they likely represent only a fraction of the extensive Chinese cyber espionage activity that has been unfolding in the shadows. According to CrowdStrike’s 2025 Global Threat Report, released on February 27, 2025, Chinese-backed cyber espionage operations across the world surged a staggering 150% in 2024. Critical industries saw up to a 300% spike in targeted attacks. The most targeted sectors were finance, media and manufacturing. The cybersecurity provider identified seven new China-nexus adversaries in 2024 and claimed to have blocked over 330 cyber-intrusion attempts attributed to Chinese hacking groups.
The 2025 State of Application Risk Report: Understanding Toxic Combinations in Application Security
Our “2025 State of Application Risk” report, which shares the results of our analysis of the Legit ASPM platform data over the past 18 months, provides insights into various aspects of application security, including secrets exposure, AI risks, SDLC misconfigurations, and software supply chain issues. At the heart of this report lies the concept of “toxic combinations” in application security. Toxic combinations refer to the convergence of multiple risk factors that, when combined, create a significantly heightened security threat.
CalypsoAI Security Leaderboard offers safety ranking of major GenAI models
CalypsoAI launched the CalypsoAI Security Leaderboard, an index of all the major AI models based on their security performance. The CalypsoAI Security Leaderboard ranks all the major models on their ability to withstand advanced security attacks and presents a risk-to-performance (RTP) ratio as well as a valuable cost of security (CoS) metric. CalypsoAI compiled the Leaderboard after stress-testing AI models with its new Inference Red-Team solution, which combines Agentic Warfare with automated attacks.