The Hacker News

CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

CISA adds Wing FTP CVE-2025-47813 to KEV after active exploitation, exposing server paths and aiding attacks; patch by March 30, 2026.
SecurityWeek

Threat Actor Targeting VPN Users in New Credential Theft Campaign

Storm-2561 is relying on SEO poisoning to distribute fake VPN clients that install trojans and steal users’ credentials.
CSO Online

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Here's what the Arizona Senate gave Trump's FBI on 2020 election

A two-page FBI receipt shows a massive amount of files and images that the Arizona Senate provided in response to a subpoena ...