A trusted Solidity extension turned traitor – the SleepyDuck Trojan used blockchain to stealthily control developers’ tools. Could your favorite extension be hiding a dark secret?
#sleepyduck
#soliditysecurity
#openvsx
#blockchainmalware
#vscodeextension
#cyberthreats
#malwareanalysis
#developersecurity
#infosec
Anil Bhasin from Wiz told TechNadu, “Rather than asking developers to decode generic alerts, the focus should be on delivering clear, contextual findings.”
He explains how developer-first security empowers innovation through automation, collaboration, and shared ownership. https://www.technadu.com/the-security-dilemma-creating-a-supportive-security-ecosystem-that-enables-speed-and-developer-empowerment/611717/
#CyberSecurity #DevSecOps #AppSec #Wiz #DeveloperSecurity #TechNadu
The DevOps space is under siege.
GlassWorm, a self-propagating worm in VS Code extensions, uses Solana blockchain for C2, invisible Unicode for stealth, and targets developer credentials, crypto wallets, and Git repositories. Auto-updating extensions make the threat persistent.
💬 InfoSec pros: how should organizations defend against this evolving supply chain risk?
🔁 Share & follow TechNadu for expert analysis on emerging malware and blockchain-enabled attacks.
#GlassWorm #VSCode #SupplyChainAttack #DevSecOps #BlockchainSecurity #Malware #InfoSec #DeveloperSecurity #CyberThreats #TechNews
WhiteCobra threat group targets developers with malicious VSCode extensions, stealing cryptocurrency from wallets. They've already stolen $500K+ and can generate fake credibility with 50K fake downloads in hours. Even experienced security professionals have fallen victim to these sophisticated attacks. #CyberSecurity #DevSecurity #VSCode #Malware #CryptoCurrency #DeveloperSecurity #WhiteCobra https://devops.com/whitecobra-targets-developers-with-dozens-of-malicious-extensions/
DNS attacks are not just legacy threats – they’re evolving.
In my new article series, I explore modern DNS attack vectors like cache poisoning, tunneling, hijacking & spoofing – and how we as developers can defend at the protocol edge.
A must-read if you're building Java-based backend systems or securing internal services.
🔗 https://svenruppert.com/2025/04/07/dns-attacks-explained/
#CyberSecurity #DNS #Java #Infosec #NetworkSecurity #SecureCoding #DNSAttack #DeveloperSecurity #PrivacyByDesign
Ransomware in VSCode extensions raises serious concerns about Microsoft’s marketplace security.
Two extensions—“ahban.shiba” and “ahban.cychelloworld”—were found on the Visual Studio Code Marketplace containing ransomware that evaded Microsoft’s security checks for months.
Key takeaways:
・⚠️ Malicious code used PowerShell to fetch ransomware from a remote AWS server
・💸 Victims were told to pay 1 ShibaCoin—no actual payment instructions were provided
・🕒 Extensions stayed live despite being flagged by ExtensionTotal back in November 2024
・🧪 Ransomware appeared to be in an early testing phase, only encrypting files in test folders
This incident highlights ongoing gaps in third-party extension vetting and the urgent need for tighter security controls—even on official marketplaces.
Full story: https://www.cysecurity.news/2025/03/ransomware-found-in-vscode-extensions.html
#CyberSecurity #VSCode #Microsoft #Malware #DevTools #SecurityAwareness #Ransomware #Infosec #DeveloperSecurity
GitHub detected 39 million exposed secrets in 2024! Learn how their major security upgrade protects your code with AI-powered scanning, free risk assessment, and enhanced push protection. Don't let your API keys become the next compromise.
#SecurityLand #BusinessShield #CyberSecurity #GitHub #DeveloperSecurity
Read More: https://www.security.land/github-bolsters-security-after-39-million-secret-leaks-in-2024/
My new blog post addresses my issues with the concept of "shift left security." It's not wrong, it's just misunderstood.
Shifting left is about empowering developers to better secure their applications, freeing up security teams to scale to better support them. Security teams need to work with development throughout the SDLC to drive efficiency for remediation - helping both teams.
#devsecops #cloudsecurity #infosec #developersecurity #cnapp #applicationsecurity #appsec
New #infographic on developer-focused security based on my latest research: Walking the Line: GitOps and Shift Left Security https://www.esg-global.com/research/infographic-walking-the-line-gitops-and-shift-left-security
#devsecops #infosec #cybersecurity #cloudsecurity #developersecurity #shiftleft #CloudSecurityOperations
My thoughts on the Palo Alto Networks acquisition of Cider security to help security teams incorporate developer-focused security in Prisma Cloud by Palo Alto Networks. This includes some stats from my latest Enterprise Strategy Group report.
https://venturebeat.com/security/palo-alto-networks-acquires-supply-chain-security-provider-harden-application-security/
