Attackers were found using a Lua-based malware loader posing as a TrueType font tile, with layered obfuscation and fileless ...
A large-scale phishing operation has been observed disguising a malicious script as a TrueType font file (.tff). Using the ...
Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This ...
Malicious jscrambler 8.14.0 runs hidden binaries during npm install on Windows, macOS, and Linux, with no fix available as of ...
The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
North Korean threat actors are escalating the PolinRider supply chain attack across Go, Packagist, and npm package environments. The threat cluster – identified as Contagious Interview or Famous ...
An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
Bitdefender security researchers have discovered that attackers continue to exploit Microsoft HTML Application Host (MSHTA), a legacy utility available by default on Windows systems that can execute ...
The post Attackers adopt JavaScript runtime Bun to spread NWHStealer appeared first on Malwarebytes. In our previous research, we analyzed a Windows infostealer we track as NWHStealer. The attackers ...