JavaScript, the ubiquitous scripting language used across Web applications worldwide, is becoming a key ingredient in phishing campaigns looking to plant malicious code on victims' computers, new ...

LummaC2, an infostealer malware actively exploiting PowerShell commands, has resurfaced to infiltrate and exfiltrate sensitive data. Discovered by cybersecurity researchers at Ontinue, the malware’s ...

Cybersecurity firms CyberProof, Trend Micro, Sophos, and Kaspersky believe Maverick attacks WhatsApp web users by combining ...

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component ...

Google's Threat Intelligence Group (GTIG) has identified a major shift this year, with adversaries leveraging artificial intelligence to deploy new malware families that integrate large language ...

The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest ...

Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware ...

Google has banned obfuscated code for Chrome Web Store extensions to reduce policy violations in a move likely to affect cryptojackers. Google’s new restrictions on Chrome Web Store extensions ...

[Excerpted from "Malware War: How Malicious Code Authors Battle to Evade Detection," a new, downloadable report available this week on Dark Reading's Advanced Threats Tech Center.] Reverse engineering ...

Zach began writing for CNET in November, 2021 after writing for a broadcast news station in his hometown, Cincinnati, for five years. You can usually find him reading and drinking coffee or watching a ...