Tag: javascript
66 articles

North Korean Hackers Widen Contagious Interview Malware Campaign
Think twice before downloading that interview prep package—North Korean hackers are stealthily slipping dangerous malware into popular npm tools, turning trusted resources into digital traps for developers worldwide.

North Korean Hackers Target npm Registry with XORIndex Malware
North Korean hackers have unleashed a new wave of malware on the npm registry, cleverly hiding malicious code in popular JavaScript packages and putting millions of developers at risk—can we still trust the tools that power our software?

New FileFix Attack Executes JScript, Evading Windows MoTW Alerts
Discover how the new FileFix attack executes JScript to bypass Windows Mark of the Web alerts, posing a significant security threat.

Urgent Security Update: Google Responds to Active Exploitation of Chrome Zero-Day CVE-2025-6554
Urgent security update: Google addresses active exploitation of Chrome zero-day CVE-2025-6554 to protect users from potential threats.

North Korea-Linked Cyberattack: 35 Malicious npm Packages Target Developers
North Korea-linked cyberattack reveals 35 malicious npm packages targeting developers, posing serious security risks and undermining software integrity.

Cyberattackers Compromise 70+ Microsoft Exchange Servers to Harvest Credentials Using Keyloggers
Cyberattackers exploit over 70 Microsoft Exchange servers, deploying keyloggers to harvest user credentials and compromise security.

Democrats Push for In-Depth Review of the CVE Program Amid Federal Funding Uncertainty
Democrats demand a thorough review of the CVE program amid federal funding uncertainty, questioning future support and transparency.

JSFireTruck Malware Compromises Over 269,000 Websites in a Single Month
JSFireTruck malware compromised over 269,000 websites in a month, exposing vulnerabilities and stirring global security concerns.

Dangerous npm Packages Disguised as Utilities That Delete Project Directories
Dangerous npm packages masquerade as utilities, but can delete your project directories. Learn how to spot and avoid these risky modules.

Google Deploys Urgent Chrome Zero-Day Patch Amid Exploit Surge
Google deploys an urgent Chrome zero-day patch amid a surge in exploits, addressing critical vulnerabilities and bolstering user security.

Malicious RubyGems pose as Fastlane to steal Telegram API data
Malicious RubyGems masquerading as Fastlane target Telegram API data—stay alert to protect your systems from these deceptive packages.

Reconnaissance Campaign Active on NPM Repository
A reconnaissance campaign on the NPM repository exposes vulnerabilities and drives urgent calls for stronger security protocols.

Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps
Researchers reveal a PWA JavaScript exploit that redirects users to adult scam apps, sparking urgent security reviews for progressive web tech.

Newly Dis
Discover the latest trends and breakthroughs with Newly Dis. Stay informed with fresh, innovative insights that keep you ahead.

Russian Intelligence Operation Targets Organizations Tied to Ukraine War
Russian intelligence probes organizations linked to the Ukraine war, targeting covert networks amid heightened geopolitical tensions.

Unicode Camouflage: How a Malicious NPM Package Evades Detection
Discover how a malicious NPM package uses Unicode camouflage to evade detection by hiding harmful code within secure-looking modules.

Supply chain attack hits npm package with 45,000 weekly downloads
Supply chain attack compromises an npm package with 45,000 weekly downloads. Learn how to secure your dependencies and mitigate emerging threats.

MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks
MintsLoader delivers GhostWeaver via phishing while ClickFix leverages DGA and TLS to execute stealth cyber attacks.