The Hacker News

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

GootLoader malware is abusing malformed ZIP archives that bypass common tools like WinRAR & deliver JavaScript payloads via ...

How to protect your credit cards from 'web skimming' scams

Unfortunately, online shoppers aren't immune from this scheme. Web skimming is a type of cyberattack that uses malicious code ...
Infosecurity Magazine

CodeBuild Flaw Put AWS Console Supply Chain At Risk

A critical misconfiguration in AWS CodeBuild has allowed attackers to seize control of core AWS GitHub repositories, ...
InfoWorld

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain compromises — exploiting CI systems, ...

CrowdStrike acquires browser security startup Seraphic Security for $400M

CrowdStrike plans to integrate Seraphic’s technology with its flagship Falcon cybersecurity platform. The development effort ...
The Hacker News

Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

Magecart web skimming campaign active since 2022 stealing credit card and personal data from compromised e-commerce checkout ...
Scared Of on MSN

Dark truth about digital skimming: Why your identity is at risk anywhere

Every time you shop online, fill out a form, or check out at your favorite website, invisible code might be watching.
DataBreachToday

Cryptohack Roundup: Alleged Fraud Kingpin Deported to China

This week, an alleged fraud kingpin deported to China, Bitfinex hacker gained early release, Unleash Protocol's $3.9M hack, ...

Browser extension malware infected 8.8M users in DarkSpectre attack

Browser extensions turned malicious after years of legitimate operation in DarkSpectre campaign affecting millions. The ...
InfoWorld

Open WebUI bug turns the ‘free model’ into an enterprise backdoor

The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote ...

ClickFix attack uses fake Windows BSOD screens to push malware

A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of ...

DarkSpectre quietly infected millions through seemingly legit browser extensions

The researchers initially discovered DarkSpectre while investigating ShadyPanda, a campaign based on popular Chrome and Edge extensions that infected over four million devices. Further analysis ...