WordPress malware uses Steam profile comments for command and control

The comments on some Steam Profiles are actually loaded with invisible malware.
Dark Reading

DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...
The Hacker News

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named ...

WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Today

The true story that inspired 'From Scratch,' according to the woman who lived it

Warning: This story has spoilers for "From Scratch." Viewers unfamiliar with Tembi Locke's 2019 memoir "From Scratch" may be surprised by where the Netflix miniseries's plot — which is based on a true ...
The Wire

CBSE Is Under Fire Thanks to the Efforts of Teenagers

Ethical hacker Nisarga Adhikary's attention to the portal's vulnerabilities, the work of Sarthak Sidhant who looked at the ...