Malicious NPM package uses Unicode steganography to evade detection
A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links...
Read more →News Archive
View All →
Russian Hackers Exploit XSS Vulnerabilities to Inject Malicious Code into Email Servers
A sophisticated cyberespionage campaign, dubbed Operation RoundPress, has been uncovered by cybersecurity researchers at ESET. Attributed with medium confidence to...
Read more →
FrigidStealer Malware Hits macOS Users via Fake Safari Browser Updates
FrigidStealer malware targets macOS users via fake browser updates, stealing passwords, crypto wallets, and notes using DNS-based data theft methods....
Read more →
Back To Basics For Every Employee
More CISOs than ever—80 percent—see human risk, in particular negligent employees, as the most serious vulnerability. Cybercrime is big business. Cybersecurity...
Read more →
Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper
May 15, 2025Ravie LakshmananMalware / Threat Intelligence Cybersecurity researchers have discovered a malicious package named “os-info-checker-es6” that disguises itself as...
Read more →
TransferLoader Malware Enables Attackers to Execute Arbitrary Commands on Infected Systems
A formidable new malware loader, dubbed TransferLoader, has emerged as a significant cybersecurity threat, as detailed in a recent report...
Read more →
Building a Culture of Credential Protection in Dev Teams
Credential protection is key to preventing breaches. Secure APIs, rotate secrets and train devs to handle credentials safely and efficiently....
Read more →
Samsung patches MagicINFO 9 Server vulnerability exploited by attackers
Companies running Samsung MagicINFO, a platform for managing content on Samsung commercial digital displays, should upgrade to the latest available...
Read more →
Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers
A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon,...
Read more →
Who needs VC funding? How cybercriminals spread their ill-gotten gains to everyday business ventures
Cybercriminals aren’t so different from the rest of us — they live in the real world, and their spending and investment...
Read more →
Why Cloud Phone Systems are The Future of Business Communication
Over the years, many different technologies have transitioned to Cloud-based solutions, including ERP systems and email management platforms. Phone systems...
Read more →
PentestPad streamlines security testing workflows
PentestPad announced a major rollout of new features to its platform, built to transform how modern security teams deliver penetration...
Read more →