Npm Package Hides Malware in Steganographic QR Codes
The poisoned package, purporting to be a JavaScript utility, threatens the software supply chain with a highly obsfuscated credential stealer.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The poisoned package, purporting to be a JavaScript utility, threatens the software supply chain with a highly obsfuscated credential stealer.
A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card form or extracting data directly from payment fields.
An ongoing cyberattack campaign with apparent ties to China uses a new version of sophisticated JavaScript remote access Trojan JSOutProx and is now targeting banks in the Middle East.
In the height of tax-return season, a popular tax prep software service leaves a malicious JavaScript file online for weeks.
New research also analyzes the commoditization of adversary-in-the-middle attacks, JavaScript obfuscation in exploit kits, and a malware family with Gothic Panda ties.
TA569 has modified the JavaScript of a legitimate content and advertising engine used by news affiliates, in order to spread the FakeUpdates initial access framework.
Security vendor Sucuri says adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks.