A researcher dropped a live VS Code OAuth token-theft exploit just one hour after private disclosure, signalling that responsible disclosure is breaking down. Plus: financial ransomware up 76%, the DarkSword iPhone watering-hole kit, and two Indian data exposures.
Audio is available on Spreaker.
A security researcher published a working exploit for a Microsoft Visual Studio Code vulnerability within one hour of disclosing it privately. Not days later.
The VS Code vulnerability itself is worth understanding. The flaw allows an attacker to steal OAuth tokens through malicious repository recommendations combined with Jupyter Notebook popups.
Shifting to the financial sector, the numbers from Q1 2026 are stark. Direct ransomware attacks on financial institutions rose 76 percent year over year.
On the mobile side, researchers uncovered a fully documented, copy-paste-ready iPhone exploit kit called DarkSword on compromised Ukrainian sites. It targets iOS 18.4 through 18.6.2 via watering hole attacks, and the potential exposure window covers somewhere between 221 and 270 million devices.
Two data exposure stories from India close out this briefing. Ultrahuman, the wearable wellness company, suffered a breach on March 27 after employee credentials were stolen.
The signal that connects most of this briefing is incentive erosion. Researchers are losing confidence that responsible disclosure produces responsible outcomes.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.