VulnHub

The Osiris ransomware, which emerged in November, is raising concerns among cybersecurity experts due to its advanced techniques that suggest the involvement of experienced attackers. This ransomware targets various organizations, encrypting their data and demanding a ransom for its release. The sophistication of Osiris indicates that it could pose a significant risk to businesses that might not have robust security measures in place. As ransomware continues to evolve, companies must be vigilant and proactive in their cybersecurity strategies to defend against such threats. Understanding the tactics used by Osiris can help organizations better prepare for potential attacks and minimize their impact.

Two Venezuelan nationals have been convicted for their involvement in an ATM jackpotting scheme that resulted in the theft of hundreds of thousands of dollars from U.S. banks. Federal prosecutors in South Carolina announced that after serving their prison sentences, the men will be deported back to Venezuela. Jackpotting refers to a method where criminals use malware to manipulate ATMs, causing them to dispense cash without proper authorization. This case highlights the ongoing risks of ATM fraud and the challenges law enforcement faces in addressing cybercrime that crosses international borders. The actions of these individuals not only impacted financial institutions but also posed risks to consumers and the integrity of banking systems in the U.S.

Two Venezuelan men have been convicted in the United States for their involvement in ATM jackpotting schemes, which use malware to hack into ATMs and dispense cash fraudulently. This conviction is part of a larger crackdown on a network of Venezuelan nationals charged with similar crimes. The attacks typically involve manipulating ATM software to trick machines into disbursing large amounts of money without authorization. This case is significant as it highlights the ongoing issue of international cybercrime and the risks posed to financial institutions and consumers. The convictions may serve as a deterrent to others considering similar criminal activities.

A new attack method called the 'Contagious Interview' has emerged, exploiting trust granted to repository authors in Visual Studio Code (VS Code). Once a user gives access to a malicious application from a compromised repository, the app can execute arbitrary commands on the user's system without requiring any further interaction. This poses a significant risk to developers and users who rely on VS Code for their projects, as it can lead to unauthorized access and control over their systems. The attack leverages the trust inherent in open-source collaborations, making it crucial for users to scrutinize the sources of their software. As this method becomes more prevalent, developers should be cautious about the repositories they trust.

North Korean hackers are targeting macOS developers by luring them to malicious projects on GitHub and GitLab that are opened with Visual Studio Code. The attackers use these repositories to trick users into executing harmful code, potentially compromising their systems. This tactic poses a significant risk to developers who may unknowingly download and run these malicious projects, which could lead to data breaches or further exploitation of their systems. As these attacks exploit popular development tools, developers need to be vigilant about the sources of the projects they access. This incident emphasizes the ongoing threat posed by state-sponsored hackers and the need for heightened awareness in the software development community.

USB drives pose a significant security risk for enterprises, as they can easily introduce malware into corporate networks. Researchers warn that these small devices often go unchecked and can lead to data breaches or unauthorized access. Many organizations still rely on USB drives for data transfer, making them an attractive target for cybercriminals. The ease of use and widespread availability means that employees might unwittingly use infected drives, compromising sensitive information and systems. Companies should implement strict policies regarding the use of USB drives and consider investing in security solutions that can monitor and control their use.

A malicious Visual Studio Code extension has been identified as a vehicle for distributing the Evelyn information-stealing malware. Cybersecurity researchers have found that this multi-stage attack can compromise sensitive information from affected users. Developers and users of Visual Studio Code are particularly at risk, as the extension can infiltrate systems through the widely used code editor. This incident underscores the need for caution when installing extensions from unverified sources. Users should ensure they only use trusted extensions and maintain updated security software to protect against such threats.

A new cybersecurity threat involves a malicious browser extension called NexShield, which uses social engineering tactics to crash users' browsers. This attack is designed to deliver a Python-based Remote Access Trojan (RAT), putting users' systems at risk of further compromise. The method relies on tricking users into installing the extension, which then takes control of their browsers. As a result, individuals and organizations that fall victim could face significant data theft or system damage. Users are advised to be cautious about browser extensions and ensure they are from trusted sources to avoid falling prey to such scams.

Researchers have discovered five malicious Chrome extensions designed to target users of Workday, NetSuite, and SuccessFactors. These extensions are capable of stealing cookies and preventing access to critical security pages on these platforms. This poses a significant risk to organizations that rely on these software solutions for their operations, as attackers can gain unauthorized access to sensitive information. Users of these platforms should be particularly vigilant about the extensions they install and ensure they are using only trusted sources. The presence of such malicious tools illustrates the ongoing challenges of keeping enterprise software environments secure.

Researchers have identified a cross-site scripting (XSS) vulnerability in the control panel of StealC malware, an infostealer that has been operating since at least 2023. This malware, which is sold as a service, targets and extracts sensitive information like cookies and passwords from victims. The flaw in the control panel has exposed important details about the attackers behind the malware, raising concerns about the ongoing threat to users' data security. Since its update to StealC v2 in 2025, the malware has continued to pose risks to individuals and organizations alike. The discovery emphasizes the need for vigilance against such malware, as the information leak could lead to further malicious activities by the attackers.