Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...
CSO Online

New ClickFix variant bypasses Apple safeguards with one‑click script execution

Jamf finds a ClickFix variant that swaps copy-paste Terminal lures for Script Editor execution, tightening delivery of Atomic ...
The Hacker News

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

PHANTOMPULSE spreads via Obsidian plugin abuse in REF6598 campaign, targeting finance and crypto users, bypassing AV controls ...
The Hacker News

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

DPRK-linked actors use GitHub C2 and LNK phishing in South Korea, enabling persistent PowerShell control and data ...

Evidence of Me Hitting Rock Bottom Is Publicly Available. Now I Have to Talk About It in Job Interviews.

I am a health care professional. Eleven years ago, I was in bad spot in my life. Instead of turning to drugs or alcohols to ...

Hackers use pixel-large SVG trick to hide credit card stealer

A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code ...
Security Boulevard

This fake Windows support website delivers password-stealing malware

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.
CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.
KHQ

Spokane City Council approves contractor to move Monaghan statue

The Spokane City Council has approved a contract with Breithaupt & Sons to relocate the John R. Monaghan statue from downtown ...

Malware on npm: HTTP client axios loads backdoor for Windows, macOS, and Linux

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and Linux.
Infosecurity Magazine

GitHub Used as Covert Channel in Multi-Stage Malware Campaign

A series of malicious LNK files targeting users in South Korea has been detected using a multi-stage attack chain that uses ...