The Hacker News

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...
CSO Online

AI-powered polymorphic attack lures victims to phishing webpages

A new breed of malware uses various dynamic techniques to avoid detection and create customized phishing webpages.

Hackers are using LLMs to build the next generation of phishing attacks - here's what to look out for

A victim would be phished to visit a seemingly benign webpage. It contains no visible malicious code, but once loaded, it ...
CSO Online

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...
Cybernews

Cybercrooks are now creating live, personalized phishing pages in real time

At first glance, it’s a normal and harmless webpage, but it’s able to transform into a phishing site after a user has already ...

Web skimming attacks target major payment networks

Web skimming campaigns use obfuscated JavaScript code to steal credit card data from checkout pages without detection by ...

Trump's attacks on NATO allies and demands for Greenland sideline efforts to support Ukraine

Volodymyr Zelenskyy delayed his plans to attend Davos on Tuesday, saying he would only go if documents on security guarantees ...
Dark Reading

'Contagious Interview' Attack Now Delivers Backdoor Via VS Code

Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no ...

North Korean hackers target Microsoft Virtual Studio Code

As part of the infamous Contagious Interview campaign, North Korean threat actors were seen abusing legitimate Microsoft Visual Studio Code in their attacks.