<ul><li>AI developer assistant in GitLab has been found vulnerable to malicious code injection, emphasizing the need for developers to carefully verify code generated by such AI tools.</li><li>Attackers are exploiting trust in NPM packages to steal data by collecting internal and external network identifiers for follow-up attacks.</li><li>Employees searching for payroll portals on Google are being tricked into sending paychecks to hackers through deceptive websites and phishing pages.</li><li>A campaign using fake Docusign emails aims to harvest personal information, prompting organizations to enhance phishing awareness programs to prevent falling victim to such scams.</li><li>Cybercriminals are spreading Venom RAT and stealing crypto wallets by cloning an antivirus site to distribute malware under the guise of security software downloads.</li><li>OneDrive's misconfiguration granting web apps full read access to all files raises concerns over data security and the need for users to be cautious of authorizing SaaS plug-ins.</li></ul>

Security news weekly round-up - 30th May 2025

Discover more