Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...
Microsoft Threat Intelligence has uncovered an active supply chain attack involving malicious npm packages registered under organizational scopes that mirror real internal corporate namespaces, ...
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon ...
The OpenSourceMalware team has uncovered a massive threat campaign that is implanting malware in GitHub users and organizations repositories. The threat actor, PolinRider, has implanted a malicious ...
A new campaign targeting Ukrainian entities and attributed to actors linked to Russia employs various judicial- and charity-themed lures to deploy a JavaScript‑based backdoor that runs in the Edge ...
A recent Hacker News post looked at the reverse engineering of TikTok’s JavaScript virtual machine (VM). Many commenters assumed the VM was malicious, designed for invasive tracking or surveillance.
This blogpost introduces an operation that we named RoundPress, targeting high-value webmail servers with XSS vulnerabilities, and that we assess with medium confidence is run by the Sednit ...
For the 15 teams competing at HackMT 2025, app development took priority over sleep. Over 130 participants raced the clock in the annual competition from Jan. 31 – Feb. 2. Team leaders presented their ...
This JavaScript Obfuscator allows you to easily protect your code by combining the power of UglifyJS for minification and compression with advanced obfuscation techniques from JavaScript Obfuscator.
Cybersecurity researchers have found that it's possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection. ...