https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html A new cyberattack technique dubbed “DoubleClickjacking” has been discovered, exploiting the timing between double-clicks to bypass existing clickjacking protections. This allows attackers to...
https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/12/14-million-people-don-t-know-how-to-erase-their-data-from-an-old-device A new survey from the UK’s Information Commissioner’s Office (ICO) reveals that nearly a third of adults in the UK...
https://www.fortinet.com/blog/threat-research/analyzing-malicious-intent-in-python-code Cybersecurity researchers have discovered malicious packages uploaded to the Python Package Index (PyPI) and the Visual Studio Code Marketplace. These packages, disguised as...
https://www.cyberhaven.com/blog/cyberhavens-chrome-extension-security-incident-and-what-were-doing-about-it A sophisticated cyberattack has compromised at least 35 Chrome browser extensions, potentially exposing over 2.6 million users to data theft and credential...
https://arxiv.org/pdf/2412.13459 A new study reveals a significant problem with inauthentic “stars” being used to artificially inflate the popularity of scam and malware distribution repositories on GitHub. These fake stars mislead users into trusting...
https://www.sonatype.com/blog/counterfeit-eslint-and-node-types-libraries-downloaded-thousands-of-times-abuse-pastebin Cybersecurity researchers have discovered a wave of malicious npm packages and Visual Studio Code (VSCode) extensions targeting developers. These...
https://unit42.paloaltonetworks.com/using-llms-obfuscate-malicious-javascript Cybersecurity researchers from Palo Alto Networks warn that large language models (LLMs) can be used by malicious actors to generate undetectable malware variants. LLMs, despite limitations...
https://medium.com/@amitassaraf/vscode-extension-trivia-real-or-cake-f729adc9e03e Cybersecurity researchers have discovered a wave of malicious Visual Studio Code extensions designed to steal credentials from developers. These extensions, disguised as legitimate tools...
https://www.bleepingcomputer.com/news/security/ongoing-phishing-attack-abuses-google-calendar-to-bypass-spam-filters A new phishing campaign is targeting businesses by exploiting Google Calendar to deliver malicious links and bypass spam filters. How the Scam Works:...
https://www.wsj.com/politics/national-security/us-ban-china-router-tp-link-systems-7d7507e6 The U.S. government is investigating TP-Link, a leading manufacturer of home routers, over concerns about national security risks. This investigation could potentially lead to...
