CyberNews: 09/11/2025 Edition

Published by Dunateo on 2025-11-09

Today’s roundup

  • GlassWorm malware returns on OpenVSX with 3 new VSCode extensions
  • Still on Windows 10? Enroll in free ESU before next week’s Patch Tuesday
  • Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic
  • China-linked hackers target U.S. non-profit in long-term espionage campaign
Summary

    The GlassWorm malware campaign has resurfaced, impacting the OpenVSX and Visual Studio Code marketplaces. Three new malicious VSCode extensions have been identified, accumulating over 10,000 downloads. This marks a significant continuation of the supply-chain attack that previously affected these developer platforms.

    With Windows 10's end of support imminent, users are strongly advised to enroll in the Extended Security Updates (ESU) program before next week's Patch Tuesday. This program is crucial for receiving protection against newly discovered security vulnerabilities as the operating system transitions out of mainstream support.

    Microsoft has revealed a novel side-channel attack named "Whisper Leak" that targets remote language models. This attack allows a passive adversary to infer the topics of AI conversations from encrypted network traffic under specific conditions, posing a significant risk to the confidentiality of data exchanged with streaming large language models.

    A China-linked advanced persistent threat (APT) group breached a U.S. non-profit organization focused on policy influence in April 2025. The attackers maintained access for several weeks, using DLL sideloading via vetysafe.exe, a technique associated with Chinese APT groups like Space Pirates and APT41 subgroups, and leveraging Imjpuexc to mask their activity. Their goal was to establish persistent access and target domain controllers.

    Want to dig deeper?

    Cyber Groups

    APT41 (also tracked as Wicked Panda, Brass Typhoon, BARIUM)