Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...
Residents at the Walker County Hospital District Board of Managers' June meeting accused the board of hiding its true ...
Microsoft reports an active cyber campaign targeting hotels in Europe and Asia using fake photo ZIPs, PowerShell malware, and Node.js implants with evolving evasion tactics. magnific.com Microsoft ...
Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and ...
Researchers detail REF8372, a malvertising campaign using fake Node.js ads, Storj-hosted payloads, and OXLOADER to deploy ...
A malicious dependency the attackers added to over 140 Mastra packages fetches a payload targeting cryptocurrency extensions. The North Korean state-sponsored threat actor Sapphire Sleet is behind the ...
The malware blends data theft with remote code execution, “turning a financially motivated stealer into a lightweight backdoor,” Microsoft said. Microsoft Threat Intelligence is warning Windows users ...
A fresh wave of phishing emails is exploiting a blind spot in enterprise email security tools — one that most organizations have not closed — by disguising executable JavaScript inside SVG image files ...
Three poisoned versions of node-ipc went live on the npm registry on May 14, according to SlowMist. Attackers hijacked a dormant maintainer account and pushed code designed to siphon developer ...
A widely active phishing-as-a-service (PhaaS) operation known as FlowerStorm has begun using a browser-based virtual machine to conceal credential theft code, marking what researchers say is an ...