Security Highlights Of The Day [11/11/25]

Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
Cybersecurity researchers uncovered a large-scale phishing campaign aimed at the hospitality sector, using ClickFix-style pages to trick hotel managers into deploying PureRAT malware. Attackers leveraged compromised email accounts to impersonate Booking.com and redirect victims to credential-stealing sites. The stolen credentials grant unauthorized access to booking platforms like Booking.com and Expedia, which are then monetized or used for further fraud.
Source: TheHackerNews

Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic
Microsoft researchers discovered a side-channel attack named Whisper Leak, capable of revealing AI chat conversation topics from encrypted traffic. The attack targets streaming-mode language models, allowing adversaries monitoring network traffic—such as nation-state actors or local network observers—to infer user prompt subjects. The discovery raises significant concerns about the privacy of enterprise and user communications with AI systems.
Source: TheHackerNews

QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland
QNAP Systems released security updates for two dozen vulnerabilities, seven of which were exploited during the Pwn2Own Ireland 2025 hacking competition. Researchers from Team DDOS and DEVCORE demonstrated chained exploits affecting QNAP routers and NAS devices, earning over $140,000 in rewards. The company urges all users to update to HBS 3 Hybrid Backup Sync version 26.2.0.938 and reset passwords after patching.
Source: SecurityWeek

‘Ransomvibing’ Infests Visual Studio Extension Market
A new malicious extension on Visual Studio Marketplace introduces “ransomvibing” — ransomware code generated through AI “vibe coding.” The extension openly encrypts and exfiltrates data, marking a disturbing trend of threat actors leveraging AI tools to create malware via natural language prompts. Researchers warn that as AI-generated code becomes common in development environments, its misuse by cybercriminals will likely increase.
Source: DarkReading

GlassWorm Malware Returns on OpenVSX With 3 New VSCode Extensions
The GlassWorm malware campaign resurfaced on OpenVSX with three new VSCode extensions downloaded over 10,000 times. The malware uses hidden Unicode characters and Solana blockchain transactions to steal credentials and crypto wallet data. In response, OpenVSX revoked access tokens for compromised accounts and implemented stronger security controls to prevent further incidents.
Source: BleepingComputer
