Security News

Phishing attack hides JavaScript using invisible Unicode trick
2025-02-19 20:14

A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political...

Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
2025-02-14 18:28

The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The...

Brave now lets you inject custom JavaScript to tweak websites
2025-02-09 15:09

Brave Browser is getting a new feature called 'custom scriptlets' that lets advanced users inject their own JavaScript into websites, allowing deep customization and control over their browsing...

Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
2025-02-05 14:55

The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting...

Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads
2024-12-03 05:23

A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed...

Polyfill.io JavaScript supply chain attack impacts over 100K sites
2024-06-25 18:10

Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites. The polyfill.io service is used by hundreds of thousands of sites to allow all visitors to use the same codebase, even if their browsers do not support the same modern features as newer ones.

The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell
2024-05-23 05:33

Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell....

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
2024-04-16 15:16

Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source...

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide
2023-12-21 12:38

A new piece of JavaScript malware has been observed attempting to steal users' online banking account credentials as part of a campaign that has targeted more than 40 financial institutions across...

Something nasty injected login-stealing JavaScript into 50K online banking sessions
2023-12-20 23:45

IBM Security has dissected some JavaScript code that was injected into people's online banking pages to steal their login credentials, saying 50,000 user sessions with more than 40 banks worldwide were compromised by the malicious software in 2023. This injected code executes on the page in the browser, and intercepts the victim's credentials as they are entered, which can be passed to fraudsters to exploit to drain accounts.