A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
vm2 is a JavaScript sandbox for Node.js. Its development was actually discontinued in 2023. Another security vulnerability has been discovered in the software, allowing an escape from the secured ...
A new report out today from Barracuda Networks Inc. has detailed how phishing attacks grew more sophisticated and harder to detect in 2025 thanks to the rapid evolution of phishing-as-a-service kits ...
Cybersecurity researchers uncover Maverick malware spreading via WhatsApp Web, targeting Brazilian users with banking trojans and worms. The malware uses VBScript, PowerShell, and browser automation ...
New AI Innovation Combines Risk-based Insights, Actionable Recommendations, Instant Justifications, and Interactive Chat to Accelerate Compliance with PCI DSS v4 Anti-Skimming Requirements. PORTO, ...
Editor's note: The IAPP is policy neutral. We publish contributed opinion and analysis pieces to enable our members to hear a broad spectrum of views in our domains. Not only has compliance become ...
Hackers working for the North Korean government have stolen more than $2 billion in crypto so far this year, according to blockchain analysis firm Elliptic. On Tuesday, Elliptic published a blog post ...
ModStealer malware targets cryptocurrency wallets and is undetected by antivirus tools. ModStealer spreads via fake recruiter ads and steals data from 56 browser wallet extensions. The malware ...
18 popular NPM packages with over 2 billion weekly downloads were compromised through a phishing attack targeting developer “Qix”. The malware functioned as a “crypto-clipper,” silently replacing ...
⚡ A modern, regex-only YouTube signature deciphering library written in Python. Fully dynamic parser – no JavaScript, no execution, no AST. Latest obfuscation ...
The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. This occurred after maintainer accounts ...