Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Security Boulevard

Attackers adopt JavaScript runtime Bun to spread NWHStealer

The post Attackers adopt JavaScript runtime Bun to spread NWHStealer appeared first on Malwarebytes. In our previous research, we analyzed a Windows infostealer we track as NWHStealer. The attackers ...
IEEE

JSObfusDetector: A binary PSO-based one-class classifier ensemble to detect obfuscated JavaScript code

Abstract: JavaScript code obfuscation has become a major technique used by malware writers to evade static analysis techniques. Over the past years, a number of dynamic analysis techniques have been ...
Infosecurity-magazine.com

React2Shell Exploit Campaigns Tied to North Korean Cyber Intrusion Tactics

Security researchers at Sysdig have observed new campaigns exploiting React2Shell which appear to have the hallmarks of North Korean hackers. React2Shell is a remote code execution vulnerability in ...
Bleeping Computer

NPM package caught using QR Code to fetch cookie-stealing malware

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...
The Hacker News

Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers

Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first ...
Microsoft

Threat actors misuse Node.js to deliver malware and other malicious payloads

Since October 2024, Microsoft Defender Experts (DEX) has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to ...
Security Boulevard

Analyzing anti-detect browsers: How to detect scripts injected via CDP in Chrome

This is the third article in our series on anti-detect browsers. In our previous article, we analyzed Undetectable, a widely used anti-detect browser. In this article, we present two effective methods ...
Blue Headlineq

JavaScript Obfuscator: Minify and Secure Your JS Code

This JavaScript Obfuscator allows you to easily protect your code by combining the power of UglifyJS for minification and compression with advanced obfuscation techniques from JavaScript Obfuscator.
Linux Journal

Why Linux Is The Open Source Backbone of Decentralized Applications (dApps) and Cryptocurrencies

Blockchain technology and Linux, while seemingly different, share a foundational philosophy: openness, security, and decentralization. Linux, an open source operating system, powers an immense range ...
The Hacker News

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts. "Updates to the GootLoader payload have resulted in several ...