JSON Web Token Vulnerability
A security flaw with risk severity of high has been found in the popular JsonWebToken open-source JavaScript package. The attacker could perform RCE on a server verifying a maliciously crafted…
WordPress sites at risk due to malicious Java scripts
Researchers discovered a massive campaign that compromised thousands of WordPress websites by injecting malicious JavaScript code that redirects visitors to scam content. Once after the infection it automatically redirect site…
DarkWatchman RAT
A new JavaScript based RAT dubbed DarkWatchman propagated via a social engineering campaign has been observed employing sneaky "fileless" techniques as part of its detection evasion methods to elude discovery…
RATDispenser JavaScript Loader
Researchers discovered a new strain of JavaScript malware that criminals are using as a way to infect systems and then deploy dangerous remote access trojans. Dubbed RATDispenser, the malware has…
Java Script Under Serious Obfuscation
A new study of over 10,000 malicious JavaScript samples, over 25% of the samples analyzed use JavaScript obfuscation methods to prevent detection and analysis. Obfuscation is a powerful technique used…
Chrome gets Spooked
A newly found side-channel attack targeting Google Chrome might allow an attacker to use a Spectre-style attack to bypass the web browser's security protections and extract sensitive information. Spook.js is…
Posted inSecurity
FIN7 Drops Payloads
A recent spear-phishing attacks conducted by financially motivated threat actor FIN7 using weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript backdoor.…
Google Chrome 7th Zero Day
Google has released Chrome 91.0.4472.114 for Windows, Mac, and Linux to fix four security vulnerabilities, with one of them a high severity zero-day vulnerability exploited in the wild. No details…