Tag JavaScript

North Korean Hackers Unleash OtterCookie Malware in Widespread Interview Scheme

Recent cybersecurity revelations highlight the activities of North Korean threat actors, specifically within the context of the ongoing Contagious Interview campaign. This campaign has introduced a new JavaScript malware identified as OtterCookie, further escalating the threat landscape. Known as Contagious Interview (alternatively termed DeceptiveDevelopment), this persistent attack strategy employs social…

Read MoreNorth Korean Hackers Unleash OtterCookie Malware in Widespread Interview Scheme

Hackers Concealed Malware Using Complex AI Code

Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Attackers Conceal Malware Within Vector Image Rashmi Ramesh (rashmiramesh_) • September 24, 2025 Image: Shutterstock Recent findings indicate that hackers have utilized artificial intelligence-generated code to embed malware in a sophisticated phishing campaign, according to insights from Microsoft. This malware…

Read MoreHackers Concealed Malware Using Complex AI Code

AsyncRAT Campaign Deploys Python Payloads and TryCloudflare Tunnels for Stealthy Attacks

Recent investigations have revealed a sophisticated malware campaign deploying a remote access trojan (RAT) called AsyncRAT, utilizing Python payloads and TryCloudflare tunnels for distribution. Forcepoint X-Labs researcher Jyotika Singh indicated that AsyncRAT capitalizes on the async/await programming model, allowing attackers to covertly access and manipulate infected systems, exfiltrate data, and…

Read MoreAsyncRAT Campaign Deploys Python Payloads and TryCloudflare Tunnels for Stealthy Attacks

JavaScript Cross-Platform Malware Targets Crypto Wallets in Latest Lazarus Group Operation

A new cyber threat attributed to the North Korea-linked Lazarus Group has surfaced, where attackers exploit fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malicious software. This campaign targets operating systems across the board, including Windows, macOS, and Linux. According to cybersecurity firm Bitdefender, the operation…

Read MoreJavaScript Cross-Platform Malware Targets Crypto Wallets in Latest Lazarus Group Operation

New Variant of Snake Keylogger Uses AutoIt Scripting to Bypass Detection

A new variant of the Snake Keylogger is intensifying its malicious activities, primarily targeting Windows users in countries including China, Turkey, Indonesia, Taiwan, and Spain. According to Fortinet FortiGuard Labs, this malware has been linked to over 280 million blocked infection attempts globally since the beginning of the year. Snake…

Read MoreNew Variant of Snake Keylogger Uses AutoIt Scripting to Bypass Detection

Hackers Breach 18 NPM Packages in Supply Chain Attack

Relevant topics include Third Party Risk Management, Cryptocurrency Fraud, and Fraud Management & Cybercrime. Developer Compromised by Phishing Attack Involving a Malicious Email Authored by Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • September 9, 2025 Image: Shutterstock An attacker compromised 18 widely-used npm packages by embedding cryptocurrency theft malware after…

Read MoreHackers Breach 18 NPM Packages in Supply Chain Attack

Over 1,000 WordPress Sites Compromised by JavaScript Backdoors Allowing Ongoing Attacker Access

Recent reports indicate that over 1,000 WordPress-based websites have fallen victim to an attack involving the injection of malicious third-party JavaScript code, which establishes four distinct backdoors for attackers. This technique allows cybercriminals to regain access to compromised systems even if one entry point is discovered and removed, as noted…

Read MoreOver 1,000 WordPress Sites Compromised by JavaScript Backdoors Allowing Ongoing Attacker Access

Supply-Chain Attack Targets Software Packages Exceeding 2 Billion Weekly Downloads

Hackers have executed a significant supply-chain attack by embedding malicious code into a variety of open-source software packages, impacting more than 2 billion weekly updates. This incident, which has been characterized as possibly the largest of its kind to date, compromised nearly two dozen packages hosted on the npm repository,…

Read MoreSupply-Chain Attack Targets Software Packages Exceeding 2 Billion Weekly Downloads

Google Reveals 75 Zero-Day Exploits in 2024 — 44% Aimed at Enterprise Security Solutions

In a recent report, Google disclosed its findings on the exploitation of 75 zero-day vulnerabilities throughout 2024, a decline from 98 detected in 2023 yet an increase from the previous year’s 63. Notably, 44% of these vulnerabilities primarily targeted enterprise products, with 20 affecting security software and appliances. The Google…

Read MoreGoogle Reveals 75 Zero-Day Exploits in 2024 — 44% Aimed at Enterprise Security Solutions