Fake Visual Studio Code extension for Cursor led to $500K theft

Laura FrenchJuly 11, 2025

The spoofed “Solidity” extension was installed from the Open VSX registry in Cursor.

RESOURCES

Threat Management
Don’t let security debt play you: How to spot, prioritize, and eliminate silent cyber liabilities
Threat Management
How 75 CISOs are fighting back against security debt
Threat Management
Don’t let security debt play you: Four moves to take back control
Threat Intelligence
Breaking the chain: How to disrupt cybercrime’s use of stolen data
Threat Intelligence
Bridging the gap: Turning threat intelligence into operational security outcomes

PODCASTS

Vulnerability Management
Tapjacking, ZuChe, PerfektBlue, McHacking, OT in the IT, Add Ons, Josh Marpet… – SWN #493
Vulnerability Management
Citrixbleed 2, Hardware Hacking, and Failed Bans – PSW #882
Leadership
SolarWinds Settlement, Upgrade Your Leadership Instincts to Build Your Legacy – BSW #403
Vulnerability Management
Spying on your kids, Bank Robberies, Qantas, LOTL, sudo, Hunters, Aaran Leyland… – SWN #492
Application security
Checking in on the State of Appsec in 2025 – Sandy Carielli, Janet Worthington – ASW #338

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Citrix sign on its office building in Fort Lauderdale, Florida, USA, an American cloud computing and virtualization technology company.

Vulnerability Management

Federal agencies have 24 hours to patch ‘Citrix Bleed 2’ bug

Steve ZurierJuly 11, 2025

CISA has likely seen exploitation across federal agencies and the private sector.

(Credit: Louise Kellow/Wirestock Creators – stock.adobe.com)

McDonald’s ‘McHire’ chatbot records accessed via ‘123456’ password

Laura FrenchJuly 10, 2025

Paradox.ai, which built the McDonald’s “Olivia” chatbot, took responsibility for the issue.

Yellow robotic arms performing automated tasks on a production line, showcasing advanced manufacturing technology in industry 4.0

Critical Infrastructure Security

A majority of enterprises say CISOs now responsible for OT security

Steve ZurierJuly 10, 2025

Eight in 10 respondents plan to put OT security under CISOs in the next 12 months.

Credit: Adobe Stock

Application security

OWASP’s playbook for preventing AI data leaks

OWASP GenAI Security Project Team July 10, 2025

LLMs can’t forget what they’ve seen, but you can stop them from saying too much. Here’s how.

Credit: Adobe Stock

Application security

Leaky chatbots: Understanding sensitive information disclosure in AI

OWASP GenAI Security Project Team July 10, 2025

From source code to secrets, AI can expose more than you expect, especially when business speed outpaces security readiness.

China Bans Cyber Attacks: Examining Internet Security with Chinese Flag and Binary Data Through a Magnifying Glass Concept

Network Security

China-based hacker to face charges in US after arrest in Italy

Shaun NicholsJuly 10, 2025

Man believed to be a member of group that stole research and intellectual property from the U.S.

Critical mcp-remote flaw could enable RCE when connecting AI clients

Laura FrenchJuly 9, 2025

A malicious MCP server could have executed arbitrary commands on the victim’s machine.

ServiceNow issues CVE for high-severity ACL bug

Steve ZurierJuly 9, 2025

Varonis says attackers could easily expose ServiceNow data tables by combining enumeration techniques with common query filters.

EVENTS