Bleeping Computer

New PindOS JavaScript dropper deploys Bumblebee, IcedID malware

Security researchers discovered a new malicious tool they named PindOS that delivers the Bumblebee and IcedID malware typically associated with ransomware attacks. PindOS is a simple JavaScript ...
Bleeping Computer

Attackers use SVG files to smuggle QBot malware onto Windows systems

QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows. This attack is made through ...
CSOonline

NPM JavaScript registry suffers massive influx of malware, report says

The NPM JavaScript registry has experienced a jump in malware, including packages related to data theft, crypto mining, botnets, and remote code execution, according to security company WhiteSource.
Hosted on MSN

Not pretty, not Windows-only: npm phishing attack laces popular packages with malware

The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.
SiliconANGLE

Deep Instinct uncovers new JavaScript-based malware dropper

Threat protection startup Deep Instinct Ltd.’s Threat Research Lab today provided details of a new strain of JavaScript-based dropper that delivers two forms of malware onto victims’ computers. Dubbed ...
CSO Online

AI-powered polymorphic attack lures victims to phishing webpages

A new breed of malware uses various dynamic techniques to avoid detection and create customized phishing webpages.
Cybernews

North Korea is turning open-source projects into malware traps

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...