AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Critical Chrome Security Flaws Threaten Billions of Users Worldwide

Google patches two actively exploited Chrome vulnerabilities that could allow attackers to crash browsers or run malicious code. Billions of users urged to update.
The Hacker News

Investigating a New Click-Fix Variant

New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.

This critical Chrome browser vulnerability lets malicious extensions spy on your PC

This critical Chrome browser vulnerability lets malicious extensions spy on your PC ...
SecurityWeek

Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea

Polyfill supply chain attack that hit more than 100,000 websites has now been linked to North Korean threat actors.
Graham Cluley

Smashing Security podcast #458: How not to steal $46 million from the US government

A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn’t stirred since 2024 – and within ...
Cyber Daily

Exclusive: SafePay ransomware claims hack of Smile Team Orthodontics

The SafePay ransomware group has listed an NSW-based dental practice as a victim on its darknet leak site and has published a raft of documents stolen during the breach. Smile Team Orthodontics was ...