SimpleHelp CVE-2026-48558 Exploited to Deploy TaskWeaver and Djinn Stealer Malware
An unknown threat actor is exploiting CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp (CVSS 10.0), to deliver two new malware families:…
An unknown threat actor is exploiting CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp (CVSS 10.0), to deliver two new malware families:…
A heavily obfuscated Node.js loader delivered as jquery.js, executed via node.exe. It establishes encrypted communications with a remote server and retrieves additional…
Microsoft has issued a warning about an active phishing campaign targeting hotels and hospitality organizations across Europe and Asia since April 2026.…
TonRAT is a Node.js-based implant used in a phishing campaign targeting hotels. It resolves C2 domains via the TON blockchain API and…
GitHub has announced significant security changes for npm version 12, set to release next month, aimed at mitigating software supply chain attacks.…
Cybersecurity researchers have identified multiple ClickFix campaigns deploying three new malware loaders: BabaDeda Loader, Lorem Ipsum Loader, and Potemkin. These campaigns use…
Cybersecurity researchers at JFrog have uncovered a set of malicious npm packages that masquerade as legitimate PostCSS tools to deliver a Windows-based…
The phishing campaign downloads a legitimate Node.js v24.13.0 runtime from nodejs.org to execute the TonRAT implant in user space.