Malicious VSCode extensions infect Windows with cryptominers
A set of ten VSCode extensions on Microsoft’s Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer for Monero. Microsoft VSCode is a popular code editor that allows users to install extensions to extend the program’s functionality. These extensions can be downloaded from Microsoft’s VSCode Marketplace, an online hub for developers to find and install add-ons. ExtensionTotal researcher Yuval Ronen has uncovered ten VSCode extensions published on Microsoft’s portal on April 4, 2025.
Maryland pharmacist used keyloggers to spy on coworkers for a decade, victim alleges
A Maryland pharmacist installed spyware on hundreds of computers at a major teaching hospital and, over the course of a decade, recorded videos of staff pumping breastmilk and breastfeeding, a class-action lawsuit alleges. The suit, filed on March 27 and first reported by the Baltimore Banner, accuses pharmacist Matthew Bathula of implanting keyloggers — a type of software that records what someone types on a keyboard — on about 400 computers at the University of Maryland Medical Center (UMMC).
Musk’s DOGE using AI to snoop on U.S. federal workers, sources say
Trump administration officials have told some U.S. government employees that Elon Musk’s DOGE team of technologists is using artificial intelligence to surveil at least one federal agency’s communications for hostility to President Donald Trump and his agenda, said two people with knowledge of the matter. While much of Musk’s Department of Government Efficiency remains shrouded in secrecy, the surveillance would mark an extraordinary use of technology to identify expressions of perceived disloyalty in a workforce already upended by widespread firings and severe cost cutting.
Food giant WK Kellogg discloses data breach linked to Clop ransomware
US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks. Cleo software is a managed file transfer utility that was targeted by the Clop ransomware gang en masse at the end of last year. This attack leveraged two zero-day flaws tracked as CVE-2024-50623 and CVE-2024-55956, allowing the threat actors to breach servers and steal data. “WK Kellogg learned on February 27, 2025, that a security incident may have occurred involving Cleo,” reads the notice.
Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring cybercrooks to set up lookalike credential harvesting pages. “As a purpose-built tool for creating and deploying web apps, its capabilities line up perfectly with every scammer’s wishlist,” Guardio Labs’ Nati Tal said in a report shared with The Hacker News. “From pixel-perfect scam pages to live hosting, evasion techniques, and even admin dashboards to track stolen data — Lovable didn’t just participate, it performed. No guardrails, no hesitation.”