Cyber Briefing: 2025.09.16
LangChainGo flaw leaks files, VoidProxy PhaaS hits Microsoft & Google, WhiteCobra malware in VSCode, Gucci/Balenciaga breach, insider hits FinWise Bank, F5 buys CalypsoAI.
👉 What's the latest in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. LangChainGo Bug Exposes Sensitive Files
A major security flaw, CVE-2025-9556, was found in LangChainGo, allowing attackers to read any file on a server. The vulnerability stems from how the framework processes untrusted prompt templates, which can be manipulated to expose sensitive data like API keys and credentials.
2. VoidProxy Targets Microsoft And Google
A new phishing-as-a-service (PhaaS) platform, VoidProxy, has emerged, using sophisticated adversary-in-the-middle (AitM) techniques to compromise Microsoft 365 and Google accounts, including those protected by third-party single sign-on (SSO) providers like Okta. The platform is able to steal credentials, multi-factor authentication (MFA) codes, and session cookies by mimicking legitimate login pages and relaying traffic between the victim and the real service.
3. WhiteCobra Drops Malicious VSCode Apps
A threat actor named WhiteCobra is using a series of malicious extensions in the Visual Studio Marketplace and Open VSX registry to steal cryptocurrency and other sensitive information from users of popular code editors like VSCode, Cursor, and Windsurf. The campaign is ongoing as WhiteCobra continually re-uploads new malicious code to replace extensions that are removed.
💥 Cyber Incidents
4. Fake Account Found In Google Portal
A group of hackers known as "Scattered Lapsus$ Hunters" claimed to have accessed a Google platform used by law enforcement, prompting Google to confirm that a fraudulent account was created in the system. While Google stated that no data was accessed or requests made with the account, the incident highlights a significant security vulnerability involving a system used for sensitive data requests.
5. Hackers Hit Gucci And Balenciaga Data
Criminals have stolen personal data belonging to millions of customers of luxury brands Gucci, Balenciaga, and Alexander McQueen in a breach that parent company Kering has now confirmed. The stolen information includes names, contact details, addresses, and spending habits, but Kering states that no financial data was compromised.
6. Insider Breach Hits FinWise Bank Data
A former employee of FinWise Bank caused a data breach, exposing the personal information of 689,000 customers of American First Finance, with whom the bank partners. The bank is offering a year of free credit monitoring and identity theft protection to all affected individuals.
📢 Cyber News
7. Microsoft To Push 365 Copilot App
Microsoft will soon automatically install its Microsoft 365 Copilot app on Windows devices that have the Microsoft 365 desktop client apps. This new app integrates the AI-powered Copilot assistant directly into the Microsoft 365 suite, including Word, Excel, and PowerPoint.
8. F5 To Acquire CalypsoAI For Millions
F5, a provider of security and application delivery solutions, is acquiring CalypsoAI for $180 million. The acquisition will allow F5 to integrate CalypsoAI’s platform, which secures AI during operation, into its own security platform.
9. Silent Push Raises $10 Million
Silent Push, a Virginia-based threat intelligence company, has secured $10 million in Series B funding from StepStone Group, Ten Eleven, and Knollwood Investment Advisory. The company will use this investment to improve its platform and expand globally.
📈 Cyber Stocks
On Tuesday, September 16, 2025, cybersecurity stocks saw a mixed performance as investors wrestled with persistent inflation concerns, hopes for upcoming interest rate policy clarity from the Federal Reserve, and varied business-level updates across the sector. While macroeconomic uncertainties pressured some names, strong contract wins and product momentum offered support to others.
Cloudflare (NET) closed at $226.01, rising modestly as demand for its edge network and DNS services boosted investor sentiment following a rebound in global web traffic.
Rapid7 (RPD) finished at $19.44, slipping slightly as concerns over slower IT spending and macroeconomic headwinds outweighed optimism around its security automation offerings.
CrowdStrike (CRWD) ended at $444.77, gaining as investors reacted positively to its recent earnings beat, strong guidance for threat-protection growth, and its positioning as a leader in endpoint detection and response.
SentinelOne (S) settled at $18.30, ending flat as investor enthusiasm for its AI-driven acquisitions and roadmap was balanced by questions about margins and competition in endpoint protection.
Okta (OKTA) closed at $90.91, edging higher after securing new identity verification contracts in regulated industries that strengthened confidence in its recurring revenue model.
💡 Cyber Tip
🛠️ WhiteCobra Drops Malicious VSCode Extensions to Steal Crypto
A threat group named WhiteCobra is flooding the Visual Studio Marketplace and Open VSX registry with malicious extensions that steal cryptocurrency and sensitive data. These fake add-ons target developers using VSCode, Cursor, and Windsurf, disguising themselves with professional icons, detailed descriptions, and inflated download counts. Even high-profile victims, including a core Ethereum developer, have reported crypto theft after installing these extensions.
✅ What you should do
Install extensions only from trusted publishers and verify authenticity
Regularly audit installed extensions and remove anything suspicious
Monitor for signs of compromise, including wallet drains or unusual logins
Keep your system and security tools up to date
Use separate wallets and devices for development work to limit exposure
🔒 Why this matters
WhiteCobra is a well-organized threat actor that exploits the marketplaces’ weak review processes to push malware like LummaStealer. The campaign is ongoing, with new malicious extensions uploaded after removals, making this a persistent risk for developers and crypto users.
📚 Cyber Book
Home Job Scam Guide: A Comprehensive Guide to Identifying, Avoiding, and Protecting Yourself from Remote Work Fraud (2024) by Majeed Memon
Copyright © 2025 CyberMaterial. All Rights Reserved.