Breaking News – Cyber Threats (last 6h)
Generated: 2026-01-21 02:00 PST
- Automatic Script Execution In Visual Studio Code, (Wed, Jan 21st)
SANS ISC Diary (full) • 2026-01-21 01:50 • isc.sans.eduVisual Studio Code is a popular open-source code editor[1]. But it's much more than a simple editor, it's a complete development platform that supports many languages and it is available on multiple platforms. Used by developers worldwide, it's a juicy target for threat actors because it can be extended with extensions.
- LastPass Warns of Fake Maintenance Messages Targeting Users’ Master Passwords
The Hacker News • 2026-01-20 22:40 • thehackernews.com
LastPass is alerting users to a new active phishing campaign that’s impersonating the password management service, which aims to trick users into giving up their master passwords.
The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and urging them to create a local backup of their password vaults in the next 24 hours. The
https://thehackernews.com/2026/01/lastpass-warns-of-fake-maintenance.html - CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
The Hacker News • 2026-01-20 22:04 • thehackernews.com
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript.
The vulnerability, tracked as CVE-2026-1245 (CVSS score: N/A), affects all versions of the module prior to version 2.3.0, which addresses the issue. Patches for the flaw were released on November 26, 2025.
Binary-parser is a
https://thehackernews.com/2026/01/certcc-warns-binary-parser-bug-allows.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
