cyber security
Fileless Remcos RAT Attack Uses JavaScript and PowerShell to Slip Past Detection
A recent Remcos RAT campaign showcases how commodity malware has fully embraced fileless, multi‑stage execution to bypass traditional defenses and remain stealthy on compromised Windows systems.
Instead of dropping...
cyber security
CastleRAT Attack Leverages Deno JavaScript Runtime to Bypass Enterprise Defenses
A sophisticated malware campaign that abuses the Deno JavaScript runtime to deliver CastleRAT, a powerful remote access trojan designed for espionage and data theft....
cyber security
Magecart Hack Injects JavaScript to Steal Online Payment Data
A new Magecart-style campaign is actively targeting e-commerce websites by injecting malicious JavaScript that intercepts and exfiltrates payment card data during checkout.
The malicious...
cyber security
Beware of Fake Online Speedtest Apps with Hidden JavaScript Code
These fake online speedtest applications prey on users seeking to measure their internet performance, yet they harbor hidden payloads that compromise system integrity and...
cyber security
New Magecart Attack Injects Malicious JavaScript to Steal Payment Data
A new Magecart-style campaign has emerged that leverages malicious JavaScript injections to skim payment data from online checkout forms.
The threat surfaced after security...
cyber security
Web Application Firewall Bypassed via JS Injection with Parameter Pollution
In a recent autonomous penetration test, a novel cross-site scripting (XSS) bypass that sidesteps even highly restrictive Web Application Firewalls (WAFs).
Security researchers uncovered...
CVE/vulnerability
Critical Next.js Flaw Lets Attackers Bypass Authorization Controls
A newly disclosed critical vulnerability in the Next.js framework, tracked as CVE-2025-29927, allows unauthenticated attackers to bypass middleware-based authorization checks by exploiting improper handling...
cyber security
Proxyware Malware Poses as YouTube Video Download Site, Delivering Malicious JavaScript
Cybersecurity researchers at AhnLab Security Intelligence Center (ASEC) have uncovered a persistent campaign where attackers distribute proxyware malware through fake YouTube video download pages....
Cyber Security News
14 Million-Download SHA JavaScript Library Exposes Users to Hash Manipulation Attacks
A critical security vulnerability has been discovered in the widely-used sha.js npm package, exposing millions of applications to sophisticated hash manipulation attacks that could...
cyber security
Hackers Exploit SVG Files with Embedded JavaScript to Deploy Malware on Windows Systems
Threat actors are increasingly using Scalable Vector Graphics (SVG) files to get beyond traditional defenses in the quickly developing field of cybersecurity.
Unlike raster formats...
APT
Chollima APT Group Targets Job Seekers and Organizations with JavaScript-Based Malware
The North Korean-linked Chollima advanced persistent threat (APT) group, also known as Famous Chollima, has been orchestrating a persistent cyber espionage campaign since at...