Bleeping Computer

Malicious code in Tornado Cash governance proposal puts user funds at risk

Malicious JavaScript code hidden in a Tornado Cash governance proposal has been leaking deposit notes and data to a private server for almost two months. This leak compromises the privacy and security ...
Hosted on MSN

WordPress users beware - GootLoader strikes again, using font hack to spread malware

Gootloader malware resurfaced in late October 2025 after a nine-month hiatus, used to stage ransomware attacks Delivered via malicious JavaScript hidden in custom web fonts, enabling stealthy remote ...
SiliconANGLE

INKY warns of new QR code phishing tactic using embedded JavaScript

A new report out today from cybersecurity company INKY Technology Corp. is sounding the alarm over a new wave of phishing threats that use QR codes in increasingly dangerous and deceptive ways, ...
Dark Reading

A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack

Understanding how malware attacks work is vital to defend against them. To ease this process, threat analysts have developed models that map the stages of cybersecurity attacks, allowing defenders to ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
Infosecurity-magazine.com

Threat Actors Shift to JavaScript-Based Phishing Attacks

Cybercriminals are using a wider-than-ever range of malicious documents to spread malware and gain initial access to target systems, according to HP Wolf Security. Alex Holland, principal threat ...