The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
Tech Times

SVG Phishing Emails Bypass Email Security: SANS Flags New MIME-Type Evasion

SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...
Dark Reading

DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...
Infosecurity-magazine.com

Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection

Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim to deliver data stealing malware to devices running on Microsoft Windows.
decrypt

OpenClaw Developers Lured in GitHub Phishing Campaign Targeting Crypto Wallets

Add Decrypt as your preferred source to see more of our stories on Google. Attackers used fake GitHub accounts to tag developers, claiming they had won $5,000 in ...
CSOonline

North Korean fake IT worker tradecraft exposed

GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies into hiring North Koreans. Research from GitLab has exposed the latest ...
Infosecurity-magazine.com

New BeaverTail Malware Variant Linked to Lazarus Group

A newly observed variant of the BeaverTail malware has been tied to hackers associated with North Korea. The findings come from Darktrace’s latest The State of Cybersecurity report, which links ...
CSOonline

How phishers are weaponizing SVG images in zero-click, evasive campaigns

Threat actors are shifting from conventional phishing tricks, which used malicious links and document macros, to benign-looking image files embedded with stealthy browser redirects. According to an ...
SecurityWeek

Threat Actors Use SVG Smuggling for Browser-Native Redirection

Ontinue warns of a newly observed phishing campaign leveraging Scalable Vector Graphics (SVG) files in redirect attacks that evade traditional detection. While considered harmless image formats, SVG ...
The Hacker News

Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript injections. According to Palo Alto ...
Forbes

Do Not Open This PDF On A Microsoft Windows PC

A few weeks on from Microsoft warning Windows users that PDF attachments are increasingly being used in attacks, there’s another warning and a new lure. While the Windows-maker’s alert for PC users ...
Bleeping Computer

Phishing attack hides JavaScript using invisible Unicode trick

A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action ...