Infosecurity Magazine

Global Magecart Campaign Targets Six Card Networks

Silent Push has discovered a new Magecart campaign targeting six major payment network providers that has been running since ...
Bleeping Computer

Malicious code in Tornado Cash governance proposal puts user funds at risk

Malicious JavaScript code hidden in a Tornado Cash governance proposal has been leaking deposit notes and data to a private server for almost two months. This leak compromises the privacy and security ...
PC Magazine

$1.4 Billion Crypto Heist Traced To Hackers Breaching Safe{Wallet}

$1.4 Billion Crypto Heist Traced To Hackers Breaching Safe {Wallet} The malicious Javascript code used in the attack could secretly modify transactions for Safe {Wallet}, a cryptocurrency wallet ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.