The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
Threat Post

Microsoft Research Develops Zozzle JavaScript Malware Detection Tool

As browser-based exploits and specifically JavaScript malware have shouldered their way to the top of the list of threats, browser vendors have been scrambling to find effective defenses to protect ...
Yahoo Finance

Introducing Chainguard Libraries for JavaScript: Malware-Resistant Dependencies Built Entirely from Source

The risk in the JavaScript ecosystem isn't theoretical: earlier this month, a number of packages used by millions of developers were compromised via malicious code. These malware attacks against ...
Bleeping Computer

Stealthy new JavaScript malware infects Windows PCs with RATs

A new stealthy JavaScript loader named RATDispenser is being used to infect devices with a variety of remote access trojans (RATs) in phishing attacks. The novel loader was quick to establish ...

Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.
Threat Post

Click-Fraud Malware Spreading via JavaScript Attachments

The SANS Internet Storm Center reports a rash of malicious spam pushing Kovter click-fraud malware. A new malware campaign has been spotted that has begun seeding spam messages with a downloader ...
Bleeping Computer

IRS-authorized eFile.com tax return software caught serving JS malware

eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware. Security researchers state the malicious JavaScript ...