MediaPost

Images Injected With Script Code Pose Malicious Threat

The number of Web sites blocked worldwide by security applications for hosting malicious code and content rose by 197.2% to 2,797 sites per day in March, the highest level since October 2008, ...
Bleeping Computer

Malvertising Attack Sneaks JavaScript Payload in Polyglot Images

A new malvertising attack observed in the wild relies on a less used technique to hide the malicious payload. The authors turned to polyglot images to add the JavaScript code that redirects to a page ...
Threat Post

PNG Image Metadata Leading to iFrame Injections

Researchers have discovered a relatively new way to distribute malware that relies on reading malicious obfuscated JavaScript code stored in a PNG file’s metadata to trigger iFrame injections.
ZDNet

Malvertising campaign targets Apple users with malicious code hidden in images

Apple users continue to be some of the favorite targets of malvertising campaigns, according to a report published this week by cyber-security firm Confiant. The report describes a new malvertising ...
Ars Technica

Malvertisers target Mac users with steganographic code stashed in images

Researchers have uncovered a recent malicious advertisement campaign that’s notable for its size, scope, and resourcefulness: a two-day blitz triggered as many as 5 million times per day that used ...

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...