Tag: javascript malware

3 articles

Server room with rows of blinking equipment, indicating a compromised network setup.

OptinMonster Plugin Compromised in Supply-Chain Attack

A critical security breach has hit the popular OptinMonster plugin, used by over 1.2 million websites, which delivered malicious JavaScript to unsuspecting users via a compromised content distribution network. The attack, detected by ecommerce security firm Sansec, injected harmful code into websites for a brief but perilous window of time.

Analyst 207Jun 15, 2026

Office worker's desk with laptop, purchase order, and suspicious files.

PureLogs Infostealer Exploits Purchase Order Phishing Lures

Beware of purchase order phishing scams that can deliver a powerful infostealer, capable of stealing sensitive credentials and cryptocurrency keys, via a simple yet cleverly disguised email with a malicious RAR attachment. Even security software can be fooled, as one campaign was only flagged as a threat after it was already sent.

Analyst 207May 27, 2026

Laptop workstation with PyTorch Lightning package terminal open, displaying code on a neutral background.

Malicious PyTorch Lightning Package Exploits Supply Chain to Steal Credentials

A malicious version of the popular PyTorch Lightning package, downloaded over 11 million times, was found to contain a stealthy backdoor that steals credentials by silently executing a heavily obfuscated JavaScript payload. The compromised package, version 2.6.3, triggers the malicious routine automatically when imported, putting users at risk.

Analyst 207May 4, 2026