The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.

Windows 11 Patch Triggers Sign-In Failures Across Microsoft Apps

A Windows 11 security update triggered Microsoft app sign-in failures, prompting an emergency patch and a manual workaround ...
How-To Geek on MSN

Android's sideloading changes, the big Visual Studio Code update, better Linux phones, and more: News roundup

Everything you may have missed from the past week.

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...

Memo to the PM: Fix 24 Sussex now

Except this time we aren’t talking about 24 Sussex. We’re talking about the cottage that the Prime Minister of Canada had to ...

How to talk to kids about their social media use, according to an expert

Readers asked about whether Canada should follow suit on a social media ban, how parents can talk to their kids about their ...
The Hacker News

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Open VSX bug misread scanner failures as clean results, letting malicious VS Code extensions go live before patch in v0.32.0.
InfoWorld

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...