A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...

On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware into them, and then did something that, according to researchers at Mend.io, ...

The concept of a virtual Document Object Model (DOM) was first introduced by the JavaScript framework React in 2013 and is still used today, both by React and other frameworks like Vue.js. The idea is ...

Abstract: Obfuscation has become a popular technique used by attackers to hide malicious code in JavaScript applications. The detection of obfuscated code in JavaScript is a challenging task. A survey ...

JSfuscator is a free web service for obfuscating JavaScript code, protecting it from reverse engineering. It offers techniques like variable renaming, string encoding, and control flow flattening, ...

Mozilla this week announced plans to update its Add-on Policy for Firefox, to ban extensions that contain obfuscated code. The change, which will enter into effect on June 10, 2019, is expected to ...