Bleeping Computer

Malicious code in Tornado Cash governance proposal puts user funds at risk

Malicious JavaScript code hidden in a Tornado Cash governance proposal has been leaking deposit notes and data to a private server for almost two months. This leak compromises the privacy and security ...
Infosecurity Magazine

Global Magecart Campaign Targets Six Card Networks

Silent Push has discovered a new Magecart campaign targeting six major payment network providers that has been running since ...
PC Magazine

$1.4 Billion Crypto Heist Traced To Hackers Breaching Safe{Wallet}

$1.4 Billion Crypto Heist Traced To Hackers Breaching Safe {Wallet} The malicious Javascript code used in the attack could secretly modify transactions for Safe {Wallet}, a cryptocurrency wallet ...
Dark Reading

WordPress Supply Chain Attack Spreads Across Multiple Plug-ins

A threat actor or actors has compromised multiple plug-ins on the WordPress.org site with code aimed at giving attackers administrative privileges as well as conducting further malicious activity. Of ...
Dark Reading

A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack

Understanding how malware attacks work is vital to defend against them. To ease this process, threat analysts have developed models that map the stages of cybersecurity attacks, allowing defenders to ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.