A large-scale phishing operation has been observed disguising a malicious script as a TrueType font file (.tff). Using the ...
Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This ...
JFrog finds 148 npm proxy packages turned student browsers into a DDoS botnet, while a mutable loader lets operators re-arm ...
Malicious jscrambler 8.14.0 runs hidden binaries during npm install on Windows, macOS, and Linux, with no fix available as of ...
North Korean threat actors are escalating the PolinRider supply chain attack across Go, Packagist, and npm package environments. The threat cluster – identified as Contagious Interview or Famous ...
An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
Bitdefender security researchers have discovered that attackers continue to exploit Microsoft HTML Application Host (MSHTA), a legacy utility available by default on Windows systems that can execute ...
The post Attackers adopt JavaScript runtime Bun to spread NWHStealer appeared first on Malwarebytes. In our previous research, we analyzed a Windows infostealer we track as NWHStealer. The attackers ...
Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical assessment materials.