Security lapses are rarely audible. They enter through dependable instruments, issues that are only partially resolved, and routines that people cease to question. The recap for this week makes that pattern very evident.

Attackers are outpacing defenses in speed and combining old and new strategies. "Patched" no longer equates to safe, and software continues to become an entry point on a daily basis. "VoidLink changes that baseline: its level of sophistication demonstrates how AI can significantly increase the speed and scale at which significant offensive capability can be produced when it is in the hands of capable developers." From a defensive perspective, using AI also makes attribution more difficult since the generated code eliminates many common hints and makes it more difficult to identify the true perpetrator of an attack.

Critical GNU InetUtils telnetd Flaw Described — The GNU InetUtils telnet daemon (telnetd) has been found to have a critical security flaw that was overlooked for almost 11 years. The vulnerability, identified as CVE-2026-24061 (CVSS score: 9.8), impacts GNU InetUtils versions 1.9.3 through 2.7. In March 2015, a code change included the vulnerability.

Because of the vulnerability, an attacker can create a Telnet session without using legitimate credentials, giving them access to the target system without authorization. According to Abstract Security, "the configuration's runOptions property, which supports a runOn value of folderOpen, causing the defined task to execute automatically when a workspace is opened, is the most important facilitator for this attack vector."

By inserting malicious shell commands into tasks.json files, Contagious Interview actors take advantage of this. The malicious task runs and initiates the infection chain that results in the installation of malware when a victim copies a repository to their local computer and opens it in Visual Studio Code.The majority of the malicious payloads are hosted on Vercel domains; however, other domains such as vscodeconfig[. ]com and vscode-load.onrender[.

]com have also been found. The "tasks.json" file is utilized in at least one instance to install the malicious npm package "jsonwebauth." Since its launch in 2022, Contagious Interview has focused on software developers and IT specialists, particularly in the blockchain and cryptocurrency industries.

Between August 2024 and September 2025, up to 3,136 distinct IP addresses associated with potential targets of the Contagious Interview activity were found; the majority of these addresses are located in North America and South Asia. This makes it helpful for tracking assets, identifying unknown devices, and keeping an eye on network activity without the need for bulky or complicated security tools. RzWeb is an easy way to examine software files without requiring the installation of any tools.

You can open a file and immediately begin analyzing how it functions because it operates entirely in your web browser.

When you don't want to set up a complete reverse-engineering environment, it can be helpful for quick checks, learning, or analysis because everything takes place on your own machine. Disclaimer: These resources have not undergone thorough security testing and are solely intended for educational and research purposes.