Security News

150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
2025-03-27 08:13

An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to...

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access
2025-03-06 09:57

Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. "Creating four backdoors facilitates the attackers having...

Phishing attack hides JavaScript using invisible Unicode trick
2025-02-19 20:14

A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political...

Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
2025-02-14 18:28

The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The...

Brave now lets you inject custom JavaScript to tweak websites
2025-02-09 15:09

Brave Browser is getting a new feature called 'custom scriptlets' that lets advanced users inject their own JavaScript into websites, allowing deep customization and control over their browsing...

Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
2025-02-05 14:55

The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting...

Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads
2024-12-03 05:23

A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed...

Polyfill.io JavaScript supply chain attack impacts over 100K sites
2024-06-25 18:10

Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites. The polyfill.io service is used by hundreds of thousands of sites to allow all visitors to use the same codebase, even if their browsers do not support the same modern features as newer ones.

The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell
2024-05-23 05:33

Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell....

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
2024-04-16 15:16

Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source...