Skip to main content

Tag: javascript

66 articles

North Korean Hackers Widen Contagious Interview Malware Campaign

North Korean Hackers Widen Contagious Interview Malware Campaign

Think twice before downloading that interview prep package—North Korean hackers are stealthily slipping dangerous malware into popular npm tools, turning trusted resources into digital traps for developers worldwide.

Analyst 207
North Korean Hackers Target npm Registry with XORIndex Malware

North Korean Hackers Target npm Registry with XORIndex Malware

North Korean hackers have unleashed a new wave of malware on the npm registry, cleverly hiding malicious code in popular JavaScript packages and putting millions of developers at risk—can we still trust the tools that power our software?

Analyst 207
New FileFix Attack Executes JScript, Evading Windows MoTW Alerts

New FileFix Attack Executes JScript, Evading Windows MoTW Alerts

Discover how the new FileFix attack executes JScript to bypass Windows Mark of the Web alerts, posing a significant security threat.

Analyst 207
Urgent Security Update: Google Responds to Active Exploitation of Chrome Zero-Day CVE-2025-6554

Urgent Security Update: Google Responds to Active Exploitation of Chrome Zero-Day CVE-2025-6554

Urgent security update: Google addresses active exploitation of Chrome zero-day CVE-2025-6554 to protect users from potential threats.

Analyst 207
North Korea-Linked Cyberattack: 35 Malicious npm Packages Target Developers

North Korea-Linked Cyberattack: 35 Malicious npm Packages Target Developers

North Korea-linked cyberattack reveals 35 malicious npm packages targeting developers, posing serious security risks and undermining software integrity.

Analyst 207
Cyberattackers Compromise 70+ Microsoft Exchange Servers to Harvest Credentials Using Keyloggers

Cyberattackers Compromise 70+ Microsoft Exchange Servers to Harvest Credentials Using Keyloggers

Cyberattackers exploit over 70 Microsoft Exchange servers, deploying keyloggers to harvest user credentials and compromise security.

Analyst 207
Democrats Push for In-Depth Review of the CVE Program Amid Federal Funding Uncertainty

Democrats Push for In-Depth Review of the CVE Program Amid Federal Funding Uncertainty

Democrats demand a thorough review of the CVE program amid federal funding uncertainty, questioning future support and transparency.

Analyst 207
JSFireTruck Malware Compromises Over 269,000 Websites in a Single Month

JSFireTruck Malware Compromises Over 269,000 Websites in a Single Month

JSFireTruck malware compromised over 269,000 websites in a month, exposing vulnerabilities and stirring global security concerns.

Analyst 207
Dangerous npm Packages Disguised as Utilities That Delete Project Directories

Dangerous npm Packages Disguised as Utilities That Delete Project Directories

Dangerous npm packages masquerade as utilities, but can delete your project directories. Learn how to spot and avoid these risky modules.

Analyst 207
Google Deploys Urgent Chrome Zero-Day Patch Amid Exploit Surge

Google Deploys Urgent Chrome Zero-Day Patch Amid Exploit Surge

Google deploys an urgent Chrome zero-day patch amid a surge in exploits, addressing critical vulnerabilities and bolstering user security.

Analyst 207
Malicious RubyGems pose as Fastlane to steal Telegram API data

Malicious RubyGems pose as Fastlane to steal Telegram API data

Malicious RubyGems masquerading as Fastlane target Telegram API data—stay alert to protect your systems from these deceptive packages.

Analyst 207
Reconnaissance Campaign Active on NPM Repository

Reconnaissance Campaign Active on NPM Repository

A reconnaissance campaign on the NPM repository exposes vulnerabilities and drives urgent calls for stronger security protocols.

Analyst 207
Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps

Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps

Researchers reveal a PWA JavaScript exploit that redirects users to adult scam apps, sparking urgent security reviews for progressive web tech.

Analyst 207
Newly Dis

Newly Dis

Discover the latest trends and breakthroughs with Newly Dis. Stay informed with fresh, innovative insights that keep you ahead.

Analyst 207
Russian Intelligence Operation Targets Organizations Tied to Ukraine War

Russian Intelligence Operation Targets Organizations Tied to Ukraine War

Russian intelligence probes organizations linked to the Ukraine war, targeting covert networks amid heightened geopolitical tensions.

Analyst 207
Unicode Camouflage: How a Malicious NPM Package Evades Detection

Unicode Camouflage: How a Malicious NPM Package Evades Detection

Discover how a malicious NPM package uses Unicode camouflage to evade detection by hiding harmful code within secure-looking modules.

Analyst 207
Supply chain attack hits npm package with 45,000 weekly downloads

Supply chain attack hits npm package with 45,000 weekly downloads

Supply chain attack compromises an npm package with 45,000 weekly downloads. Learn how to secure your dependencies and mitigate emerging threats.

Analyst 207
MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks

MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks

MintsLoader delivers GhostWeaver via phishing while ClickFix leverages DGA and TLS to execute stealth cyber attacks.

Analyst 207