Bleeping Computer

Malicious code in Tornado Cash governance proposal puts user funds at risk

Malicious JavaScript code hidden in a Tornado Cash governance proposal has been leaking deposit notes and data to a private server for almost two months. This leak compromises the privacy and security ...

Malicious Zoom stealer extensions can leak your private meeting details — how to stay safe

Chrome, Edge and Firefox users are under attack by a new malware that uses malicious browser extensions to steal meeting info ...
Dark Reading

WordPress Supply Chain Attack Spreads Across Multiple Plug-ins

A threat actor or actors has compromised multiple plug-ins on the WordPress.org site with code aimed at giving attackers administrative privileges as well as conducting further malicious activity. Of ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
Infosecurity-magazine.com

Threat Actors Shift to JavaScript-Based Phishing Attacks

Cybercriminals are using a wider-than-ever range of malicious documents to spread malware and gain initial access to target systems, according to HP Wolf Security. Alex Holland, principal threat ...