News

CoinDesk9h
CoinMarketCap Briefly Exploited With Wallet Phishing Pop-Up Message
The company has not disclosed how many users were affected or whether any wallets were compromised as a result of the exploit ...
Developer Tech2d
JavaScript packages hide ‘protestware’ against Russian users
Security researchers from Socket have stumbled upon a digital booby trap set for Russian-language users within JavaScript ...
INKY warns of new QR code phishing tactic using embedded JavaScript
QR code-based phishing, or “quishing,” is not new. INKY itself warned about its growing prominence back in 2023, but forward two years and INKY says that attackers are now going a step further by ...
The Hacker News4mon
Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
Present within the code is an obfuscated script that's configured to retrieve a next-stage payload from api.npoint[.]io, a cross-platform JavaScript information stealer that's capable of harvesting ...
TechCrunch5mon
Google begins requiring JavaScript for Google Search
Google says it has begun requiring users to turn on JavaScript, the widely used programming language to make web pages interactive, in order to use Google Search. In ...
CSOonline7mon
Rising ClickFix malware distribution trick puts PowerShell IT policies on notice
IT teams should revisit PowerShell restrictions as an increasingly used click-and-fix technique has users self-serving fake system issues by invoking malicious PowerShell scripts themselves ...
GitHub9mon
Adobe Photoshop Script for auto creating layers out of masks
This is a free JavaScript for Adobe Photoshop ... will be automatically created. This script works at best in combination with Crytpmatte render passes from 3D Software. They can be imported in ...
The Hacker News11mon
Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies
io JavaScript library is broader in scope than previously thought, with new findings from Censys showing that over 380,000 hosts are embedding a polyfill script linking to the malicious domain as of ...
Ars Technica11mon
384,000 sites pull code from sketchy code library recently bought by Chinese firm
For years, the JavaScript code, hosted at polyfill ... By linking to cdn.polyfill[.]io, websites could ensure that devices using legacy browsers could render content in newer formats.
Bleeping Computer11mon
Cloudflare: We never authorized polyfill.io to use our name
"We have, over the last 24 hours, released an automatic JavaScript ... cdn.polyfill.io and provides information on switching to alternatives. Patching used to mean complex scripts, long hours ...
theregister12mon
If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately
The site offered polyfills – useful bits of JavaScript code that add functionality to ... Sites that embed poisoned scripts from polyfill.io and also bootcss.com may end up unexpectedly redirecting ...
Bleeping Computer12mon
Polyfill.io JavaScript supply chain attack impacts over 100K sites
For example, it adds JavaScript functions that are not available ... When developers embedded the cdn.polyfill.io scripts in their websites, they now pulled code directly from the Chinese ...