Malicious NPM packages abuse Adspect redirects to evade security

Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate ...

Server Security Scanner Vulnerability Affects Up To 56M Sites

Unpatched versions of Imunify360 AV expose hosting platforms that serve up to 56 million websites to possible full server ...
Hackaday

This Week In Security: Landfall, Imunify AV, And Sudo Rust

Let’s talk about LANDFALL. That was an Android spyware campaign specifically targeted at Samsung devices. The discovery story ...

Hackers found a way to weaponize CAPTCHA pages, and it's incredibly effective

A year of escalating social-engineering attacks has produced one of the most efficient infection chains observed to date. Known as ClickFix, this method requires only that ...

WordPress users beware - GootLoader strikes again, using font hack to spread malware

In the new campaign, Gootloader was most likely leveraged by a group known as Storm-0494, as well as its downstream operator, ...
Cryptopolitan on MSN

Cybersecurity researchers uncover malware targeting Brazilian users via WhatsApp Web

Cybersecurity firms CyberProof, Trend Micro, Sophos, and Kaspersky believe Maverick attacks WhatsApp web users by combining ...
The Hacker News

WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks

Maverick malware spreads via WhatsApp Web, targeting Brazilian banks through PowerShell and browser hijacking.

An incredibly popular JavaScript library might have some worrying malware issues

A widely-adopted JavaScript library has been found carrying a critical vulnerability which could allow threat actors to execute malicious code, remotely.
The Hacker News

Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature

"To achieve code execution, the attacker logged in using the newly created Admin account. The attacker uploaded malicious ...

GlassWorm malware returns on OpenVSX with 3 new VSCode extensions

The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with ...
InfoWorld

Malicious npm packages contain Vidar infostealer

Researchers say the malware was in the repository for two weeks, advise precautions to defend against malicious packages.
Hosted on MSN

'Let's See A Short Video': Dick Durbin Flips The Script On GOP Colleagues When He Exposes Trump's Cognitive Decline In Anti-Biden Hearing

During another anti-Biden hearing held by Senate Republicans in the Judiciary Committee several months ago, Senator Dick Durbin (D-IL) flipped the script by showing a video exposing Donald Trump's ...