The Hacker News

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Fortinet warns Stealit malware uses Node.js SEA and fake installers to deliver stealers, RATs, and persistence.

Hackers exploited Zimbra flaw as zero-day using iCalendar files

Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in ...
Arabian Post

Massive npm-Based Phishing Network Exposed Under “Beamglea” Campaign

A worm-like campaign named Shai-Hulud has been flagged, targeting widely used packages and propagating itself by harvesting secrets and inserting backdoors. It operates across npm accounts, installing ...
ADTmag

The Worm That Ate JavaScript: Inside the Shai-Hulud Supply Chain Attack

The JavaScript development community faced one of its most sophisticated supply chain attacks in September, when a ...

New FileFix attack uses cache smuggling to evade security software

A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto ...