The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
Computer Weekly

Microsoft patches zero-days in .NET and SQL Server

Two zero-day flaws in the form of a denial of service (DoS) issue in .NET and an elevation of privilege (EoP) issue in SQL Server top the agenda for security teams in Microsoft’s latest monthly Patch ...
WRDW

Challenges remain as S.C. alcohol server training deadline gets extension

SOCASTEE, S.C. - South Carolina servers and bartenders now have until May 1 to complete a newly required alcohol training exam, but workers say getting through the four-hour program comes with its own ...
Post and Courier

Bartenders, servers get extension for mandatory alcohol training needed under SC insurance reform

COLUMBIA — The S.C Department of Revenue is extending the deadline for the state’s hospitality workers to complete a new mandatory alcohol server training created under last year’s liquor liability ...
WBTW

‘Little more lenient’: Grand Strand bartenders hope for potential extension of alcohol server training deadline

HORRY COUNTY, S.C. (WBTW) — South Carolina lawmakers introduced legislation Wednesday to extend the deadline for mandatory alcohol server training under the state’s new liquor liability law. Rep. Tim ...
Infosecurity-magazine.com

Flaws in Popular Software Development App Extensions Allow Data Exfiltration

Researchers at OX Security have detected four vulnerabilities in three of the most popular integrated development environments (IDEs) that could lead to cyber-attacks. In a report published on ...
CSOonline

Flaws in four popular VS Code extensions left 128 million installs open to attack

Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, ...
Bleeping Computer

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
IEEE

Hyperscale Resilient Buffer Pool Extension in Azure SQL Database

Abstract: Azure SQL DB offers disaggregated storage architecture called Hyperscale. While this architecture provides storage scale out, it comes at the cost of performance of I/O from remote storage.
IEEE

Protect Your Secrets: Understanding and Measuring Data Exposure in VSCode Extensions

Abstract: Recent years have witnessed the emerging trend of extensions in modern Integrated Development Environments (IDEs) like Visual Studio Code (VSCode) that significantly enhance developer ...
Bleeping Computer

VSCode IDE forks expose users to "recommended extension" attacks

Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing ...
CoinDesk

Trust Wallet users lose $7 million to hacked Chrome extension

Trust Wallet users lost more than $7 million shortly after it released an updated version of its extension for the Chrome web browser. The stolen funds will be reimbursed, said Changpeng Zhao, a ...