javascript
-
Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub
Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys…
Read More » -
Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package
A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows…
Read More » -
Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability
Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw.…
Read More » -
Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims
The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year…
Read More » -
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows
Cybersecurity researchers have disclosed a security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could…
Read More » -
Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability
Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called…
Read More » -
Mandiant’s X Account Was Hacked Using Brute-Force Attack
The compromise of Mandiant’s X (formerly Twitter) account last week was likely the result of a “brute-force password attack,” attributing…
Read More » -
Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware
A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns…
Read More » -
Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer
Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading…
Read More » -
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28…
Read More »