Cyber News Bytes: What’s Happening in Cybersecurity This Week

Another week, another batch of security stories reminding us that attackers don’t need to kick the door in anymore. They’re walking straight through tools and systems we already trust.

This week’s news isn’t about loud breaches. It’s about quiet risks hiding inside everyday technology.

And once you see the pattern, it’s hard to unsee it.

Let’s look at what that means in practice.

1. Malicious VS Code AI Extensions Steal Developer Source Code

What happened:
Two popular VS Code extensions posing as AI coding assistants were secretly stealing developers’ source code and sending it to servers in China. Together, they had about 1.5 million installs and worked exactly as promised.

Nothing looked broken. Everything looked normal.

Why it matters:
This is what supply chain risk looks like now. The attack doesn’t go after servers first it goes after the people building them.

If a developer’s environment is compromised, the entire pipeline becomes easier to compromise.

How to use it:
Start treating developer tools as part of your attack surface. This is also a strong interview example of why “trusted software” still needs security review.

Read more on The Hacker News

And speaking of how AI is affecting the tech industry in general, here’s an update on the cybersecurity job market:

2. WhatsApp Adds Strict Account Settings for High-Risk Users

What happened:
WhatsApp launched a new “Strict Account Settings” mode that blocks unknown attachments and silences calls from people you don’t know. It’s built for users who face targeted attacks, like journalists and public figures.

Instead of hunting through menus, you flip one switch.

Why it matters:
Most real world breaches start with a simple action opening a file, clicking a link, answering a call. This feature reduces those chances by design.

It’s security that works with users instead of fighting them.

How to use it:
This is a great example of risk-based security design. It shows how good controls lower risk without demanding perfect behavior.

Read more on Security Week

3. Fortinet Confirms Firewall Bug Wasn’t Fully Fixed

What happened:
Fortinet confirmed attackers were still exploiting an authentication flaw even on fully patched firewalls. In some cases, admin accounts were created and configurations were stolen within seconds.

The weakness involved FortiCloud SSO and bypassed normal login protections.

Why it matters:
Patching used to feel like the finish line. Now it’s just one checkpoint. Attackers are moving faster than fix cycles, which means blind trust in updates is no longer enough.

How to use it:
Don’t assume patched systems are clean. Watch for unusual logins, new admin accounts, and strange behavior.

Read more on Bleeping Computer

For learners, this is a clear example of why defense is layered, not single step.

This week’s theme is trust tools we trust, vendors we trust, and systems we assume are safe are becoming the easiest way in for attackers.

The shift isn’t abandoning trust. It’s verifying behavior. Stop asking only “Is it updated?” and start asking, “Does this actually look right?” 🧠

That mindset is what separates reactive security from real defense.

And for anyone trying to break into the field, CourseCareers offers one of the fastest, most accessible paths into IT and cybersecurity for beginners; check it out here.