
In Case You Missed It:  Attackers Target Cisco Security Products, NCC Group Addresses Shadow IT with Qualys Tools, Exploiting AI Models a Reality

Teri Robinson

Dec 21, 2025

Last week, attackers targeted Cisco security products, and GlassWorm showed DevOps tools are on the frontline while NCC Group joined forces with Qualys to expand its attack surface management services to take on Shadow IT.

Cisco Security Products in the Cross-hairs of Attackers

A pair of campaigns in the last month have targeted Cisco security products. In the first, an advanced persistent threat linked to China exploited a zero-day flaw, which rates 10 out of 10 in severity, in Cisco’s email security appliances running on AsyncOS software. So far, it has not been patched. A second threat actor launched a series of brute force attacks against Cisco SSL VPNs. The same attackers hit Palo Alto Networks GlobalProtect VPNs.

Alliance With Qualys Will Help NCC Group Tackle Shadow IT

NCC Group has joined forces with Qualys to address the burgeoning problem of shadow IT. The alliance, which will equip NCC Group with real-time asset discovery tools, will let NCC continuously monitor IT environments and will expand its attack surface management services. Shadow IT is only expected to become more of a challenge for IT as the use of AI continues to amp up both the volume and the sharing of data.

GlassWorm Attack Shows DevOps Tools Are the New Frontline

GlassWorm, a worm that infects extensions on both the Open VSX Registry and Microsoft’s official marketplace, recently spread through the Visual Studio Code ecosystem, embedding itself into popular extensions and silently compromising developer environments. For DevOps teams, trusted tools like Visual Studio Code (VS Code) are part of the daily workflow, but in October, GlassWorm turned that trust into a liability. Spotted by Koi Security researchers, the worm slipped into 14 extensions (13 from Open VSX and one from the Microsoft Extension Marketplace), infecting tens of thousands of machines. Once installed, GlassWorm steals credentials for GitHub, npm, and Open VSX accounts (Koi.ai, 2025). It siphons crypto from 49 wallet extensions. It even installs proxies and hidden VNC servers to quietly turn developer machines into launchpads for broader attacks. And it spreads autonomously. GlassWorm remains under active investigation. Koi Security has tracked its spread to over 35,800 downloads. The infected extensions were pulled, but with the stolen credentials in play, more seeded packages may already be circulating.

Chinese Spy Campaign Leveraging Claude Ratchets Up Policymakers’ Concerns

Policymakers are trying to figure out how to address AI hacking in the wake of Chinese hackers leveraging Anthropic’s Claude AI model to launch a global cyberespionage campaign. Anthropic red team leader Logan Graham told legislators at a House Homeland Security hearing that concerns over AI models being used to amplify and accelerate attacks are no longer just theory but are now reality.

WatchGuard Presses Users to Patch RCE Flaw in Firebox Firewall Appliances

WatchGuard sounded the alarm last week that customers should patch a remote code execution (RCE) flaw in its Firebox firewall appliances that is being actively exploited, explaining that the out-of-bounds write vulnerability in the WatchGuard Fireware OS IKEv2 process could allow a remote unauthenticated third party to execute arbitrary code. Security pros warn that the vulnerable code path might be set off by residual configurations that are linked to static gateway peers for branch office connections, creating a “ghost” vulnerability that might catch security teams off-guard.
