PureLogs Variant Steals Data via Purchase Order Lures
FortiGuard Labs detailed a PureLogs campaign using JavaScript, PowerShell and process hollowing
JavaScript is a scripting language used in web pages and applications, where flaws in code or dependencies can enable attacks and data theft.
Search across headline titles and summaries.
Background for this topic.
JavaScript is a programming language used to add behavior to web pages and to build applications that run outside the browser, including server-side services and tooling. In browsers, scripts can read and modify a page’s content and interact with available web APIs, subject to the browser’s security boundaries.
Its main security risks include cross-site scripting (XSS), in which attacker-controlled input is executed as page code, and DOM-based flaws caused by unsafe handling of data in client-side code. Third-party scripts and package dependencies also expand the code supply chain and may expose user data or introduce vulnerable behavior. Practical controls include context-aware output encoding, avoiding unsafe DOM sinks, restrictive Content-Security-Policy rules, and reviewing, pinning, and monitoring dependencies for vulnerabilities.
Weekly headline count for the current query.
FortiGuard Labs detailed a PureLogs campaign using JavaScript, PowerShell and process hollowing
Formbook attacks use combination of DLL Side-Loading and Obfuscated JavaScript to stay hidden, researchers at WatchGuard have uncovered
A new phishing campaign uses SVG files for JavaScript redirects, bypassing traditional detection methods
In Operation RoundPress, the compromise vector is a spearphishing email leveraging an XSS vulnerability to inject malicious JavaScript code into the victim's webmail page
A new attack targeting Microsoft Teams users used vishing, remote access tools and DLL sideloading to deploy a JavaScript backdoor
Cybercriminals are increasingly prioritizing script-based phishing techniques over one based on traditional malicious documents
First found in 2019, JSOutProx combines JavaScript and .NET functionalities to infiltrate systems
Google has launched capture the flag (CTF) competitions focused on Chrome’s V8 JavaScript engine and Google Cloud’s kernel-based virtual machine (KVM)
The extension employs various JavaScript scripts to manipulate users' browsers
Vastflux operation injected obfuscated JavaScript into ads
The flaw relates to a type confusion bug in the V8 JavaScript engine
Consumers should protect themselves by using least-privilege principles
LogoKit is based on JavaScript and can change logos and text on landing pages in real-time