Coding background, Application development and code programming. Technology business computers concept

(Adobe Stock)

VS Code config files abused to launch RCEs via GitHub Codespaces

Steve ZurierFebruary 5, 2026

Experts point out that exploited VS Code presents supply chain, credential theft, and network access risks.

RESOURCES

Application security
The next evolution of application security: AI-accelerated DevSecOps
Government security
ICIT’s Center for FCEB Resilience: Strengthening federal civilian agencies
AI/ML
Trusted automation: Building autonomous IT with confidence
AI/ML
SASE’s role in securing AI adoption: How existing tools can manage AI security
Zero Trust World
Hackers, surprises and outer space: What we’ll see at Zero Trust World 2026

PODCASTS

Leadership
Unexamined Leadership Behaviors as CEOs and CISOs Balance Cybersecurity Investments – Hacia Atherton – BSW #433
Vulnerability Management
DBII, Notepad++, Covenant, Fancy Bear, CTFs, Firefox, AI Slop, Josh Marpet, and More – SWN #552
Application security
Focusing on Proactive Controls in the Face of LLM-Assisted Malware – Rob Allen – ASW #368
Security Operations
Initial entry to resilience: understanding modern attack flows and this week’s news – Warwick Webb – ESW #444
Vulnerability Management
AI Grief, Fortinet, BSODs, WINRAR, Montreaux, Big Iron, Memory Prices, Josh Marpet… – SWN #551

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Threat Management

More than 10,000 IPs hijacked by SystemBC botnet

Laura FrenchFebruary 5, 2026

Researchers identified continued development of the botnet despite “Operation Endgame” disruption.

Close-up of Apple MacOS Dock with Finder icon selected and mouse cursor hovering

Security Operations

Infostealer threats move beyond Windows to target macOS machines

Steve ZurierFebruary 4, 2026

The infostealers leverage Python to deliver malware that steals credentials.

(Credit: Tada Images – stock.adobe.com)

OpenClaw agents targeted with 341 malicious ClawHub skills

Laura FrenchFebruary 4, 2026

Most of the malicious skills deployed malware consistent with Atomic Stealer on Mac machines.

Security Operations

Microsoft Office bugs exploited by Russia-linked APT28

Steve ZurierFebruary 3, 2026

Experts warn that social engineering lets attackers take advantage of even the lesser-rated vulnerabilities.

(Credit: monticellllo – stock.adobe.com)

PDF phishing attack leads to stolen Dropbox credentials

Laura FrenchFebruary 2, 2026

The attack uses seemingly benign attachments and trusted cloud infrastructure to evade detection.

Cyber Threats Pictured: Neon Green Hacker's Skull & Crossbones on Binary Background

Security Operations

GlassWorm malware targets Open VSX Registry in supply chain attack

Steve ZurierFebruary 2, 2026

Experts concerned the malware can spread throughout the open-source developer environment.

Security Operations

AI agents solve 9 of 10 web security CTF challenges in recent study

Laura FrenchJanuary 30, 2026

The agents solved most challenges at low cost but struggled with more broadly scoped tasks.

IT professional fixing software bug with binary code display

Security Operations

Ivanti patches two 9.8 bugs in Endpoint Manager Mobile

Steve ZurierJanuary 30, 2026

CVE-2026-1281 and CVE-2026-1340 have CVSS scores of 9.8 and have already been exploited.

EVENTS