Enterprise Security Tech

In what security researchers are describing as a watershed moment for developer supply-chain attacks, a new malware campaign dubbed GlassWorm  has begun spreading through extensions for Visual Studio Code (VS Code) and its open-source alternative, OpenVSX. The worm-like code has been installed on an estimated 35,800 developer machines so far. What happened: A stealthy worm enters the IDE According to analysts at Koi Security, the campaign first surfaced on October 17, 2025 wh

Microsoft’s support for Windows 10 officially ended last week on October 14 , but for millions of systems worldwide, that deadline has come and gone with business still as usual — and that’s the problem. Nearly a decade after its 2015 debut, Windows 10 has finally entered the post-support void. Microsoft is no longer issuing free updates, security patches, or bug fixes, and that has left an estimated 5.25 percent of all workloads  still running the operating system exposed, a

According to new research from Comparitech , ransomware attacks on government organizations jumped sharply in 2025 — even as quarterly totals showed signs of decline. The firm’s latest analysis recorded 276 attacks on government entities  worldwide between January and September 2025, marking a 41 percent increase  from the same period in 2024 (196). Of those, 147 attacks have been confirmed  by the victims themselves — nearly identical to last year’s confirmed total (146). Co

SocGholish, the insidious “fake update” scheme that lures users into installing malicious code masquerading as browser or plugin patches — has quietly evolved into a full-blown Malware-as-a-Service ecosystem. New technical analysis from threat researchers at Trustwave SpiderLabs , a LevelBlue company, shows the operation now functions less like a single campaign and more like an industrial distribution layer that any criminal buyer can plug into. The result: access-for-hire

In the past year, the internet’s biggest security threat hasn’t been a zero-day exploit or a sophisticated ransomware operation. It’s something far more insidious—and human. Or at least, it sounds human. AI-powered phishing campaigns are rewriting the rules of online deception. Voice-cloned executives, fake “customer support” chats, and hyper-realistic scam websites now blur the line between reality and manipulation. The technology once used to enhance creativity and producti

Varonis warns that attackers are moving beyond servers and endpoints—and into the heart of enterprise cloud management. For years,...