Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...
heise online

JavaScript Sandbox vm2: Critical Vulnerability Allows Escape

vm2 is a JavaScript sandbox for Node.js. Its development was actually discontinued in 2023. Another security vulnerability has been discovered in the software, allowing an escape from the secured ...
SiliconANGLE

Barracuda report finds phishing kits doubled in 2025 as attacks grew more evasive

A new report out today from Barracuda Networks Inc. has detailed how phishing attacks grew more sophisticated and harder to detect in 2025 thanks to the rapid evolution of phishing-as-a-service kits ...
cryptopolitan

Maverick malware takes over WhatsApp Web

Cybersecurity researchers uncover Maverick malware spreading via WhatsApp Web, targeting Brazilian users with banking trojans and worms. The malware uses VBScript, PowerShell, and browser automation ...
TechCrunch

North Korean hackers stole over $2 billion in crypto so far in 2025, researchers say

Hackers working for the North Korean government have stolen more than $2 billion in crypto so far this year, according to blockchain analysis firm Elliptic. On Tuesday, Elliptic published a blog post ...
coincentral

ModStealer Malware Targets Cryptocurrency Users and Spreads via Fake Job Ads

ModStealer malware targets cryptocurrency wallets and is undetected by antivirus tools. ModStealer spreads via fake recruiter ads and steals data from 56 browser wallet extensions. The malware ...
blockonomi

JavaScript Libraries with 2 Billion Weekly Downloads Targeted in Crypto Theft Attempt

18 popular NPM packages with over 2 billion weekly downloads were compromised through a phishing attack targeting developer “Qix” The malware functioned as a “crypto-clipper,” silently replacing ...
GitHub

regex-parser

⚡ A modern, regex-only YouTube signature deciphering library written in Python. Fully dynamic parser – no JavaScript, no execution, no AST. Latest obfuscation ...