JavaScript

Cybercriminals plan to make L7 routers serve card stealing code
One of the Magecart cybercriminal groups is testing a new method for grabbing users’ credit card info: malicious skimming code that can be loaded into files used by L7 …

Magecart compromised 17,000+ sites through unsecured Amazon S3 buckets
We often hear about misconfigured Amazon S3 buckets exposing sensitive business and customer data, but there’s another present danger: Magecart attackers have been …

Attackers are exploiting WordPress plugin flaw to inject malicious scripts
Attackers are leveraging an easily exploitable bug in the popular WP Live Chat Support plugin to inject malicious JavaScript into vulnerable sites, Zscaler warns. The company …

Compromised ad company serves Magecart skimming code to hundreds of websites
Security researchers have flagged a new web-based supply chain attack by one of the cybercriminal groups that fall under the Magecart umbrella. The attackers managed to …

Magecart compromises Feedify to get to hundreds of e-commerce sites
Customer engagement service Feedify has been hit by Magecart attackers, who repeatedly modified a script that it serves to a few hundred websites to include payment card …

Zip Slip vulnerability affects thousands of projects
An arbitrary file overwrite vulnerability that can be exploited by attackers to achieve code execution on a target system affects a myriad of projects and multiple ecosystems, …

Thousands of government, orgs’ websites found serving crypto mining script
On Sunday, over 4,200 websites around the world started hijacking visitors’ browsers to mine the Monero cryptocurrency. The problem was first noticed and …

How to make public Wi-Fi users mine cryptocurrency for you
Covertly roping unsuspecting users’ machines into mining cryptocurrency is a dream for many aspiring cryptocurrency owners, and some of them set aside ethical …

How to keep your browser and devices safe from cryptojackers
Cryptojacking makes surfing the web similar to walking through a minefield: you never know when you might land on a booby-trapped site. Stealthy cryptocurrency mining scripts …

The Wild West of drive-by cryptocurrency mining
As more and more Coinhive clones continue popping up, chances of users’ CPU power being hijacked for cryptocurrency mining are rising. According to Malwarebytes’ …

Coinhive breached due to old, reused password
Coinhive has suffered another setback: their DNS records have been surreptitiously changed by attackers, allowing them to steal cryptocurrency mined via the project’s …

Compromised analytics provider made Equifax’s site point to malware
Yesterday’s revelation that Equifax’s credit report assistance Web page was spotted redirecting visitors to malware resulted in the company temporarily disabling …