The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Securonix uncovers the Veil#Drop malware framework, which abuses compromised websites and Google Blogspot to deploy the PureLog information stealer.
A fileless malware framework is abusing Google’s Blogspot platform to deliver PureLog Stealer directly into computer memory, sharpening concerns that trusted web services are being turned into staging ...
North Korean hackers are targeting open source software developers with a backdoor and an information stealer as part of a ...
The latest email threats: real Microsoft login phishing, device code scams with a kill switch, split-click attacks, and the ...
AnthropicのAIコーディングツール「Claude ...
Chrome拡張機能「Adblock for YouTube」について、「サーバー側の設定を1つ変更するだけでユーザーのブラウザ上で任意のJavaScriptをページ内で実行できる設計になっている」とエンタープライズブラウザ企業のIslandが指摘しました。Islandは悪意あるコードが実際に配信された形跡は確認していないとしたうえで、1100万件以上インストールされている拡張機能に危険な実行経路 ...
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.
Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, ...
Kaspersky reports ToddyCat’s Umbrij abuses headless Chromium and OAuth flows to extract Gmail authorization codes, enabling ...
一部の結果でアクセス不可の可能性があるため、非表示になっています。
アクセス不可の結果を表示する