Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
Mar 28, 2025Ravie LakshmananCryptocurrency / Developer Security Cybersecurity researchers have discovered several…
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Mar 06, 2025Ravie LakshmananData Security / Software Security Elastic has rolled out…
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
Feb 14, 2025Ravie LakshmananBrowser Security / Cryptocurrency The North Korean threat actor…
Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores
Feb 10, 2025Ravie LakshmananMalware / Payment Security Threat actors have been observed…
Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
Feb 05, 2025Ravie LakshmananCryptocurrency / Data Breach The North Korea-linked Lazarus Group…
CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List
Jan 24, 2025Ravie LakshmananVulnerability / JavaScript The U.S. Cybersecurity and Infrastructure Security…
WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables
Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign…
New “DoubleClickjacking” Exploit Bypasses Clickjacking Protections on Major Websites
Jan 01, 2025Ravie LakshmananWeb Security / Vulnerability Threat hunters have disclosed a…
North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign
Dec 27, 2024Ravie LakshmananCryptocurrency / Cyber Espionage North Korean threat actors behind…