New malware service guarantees phishing extensions on Chrome web store

A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...
GitHub

MBII-Galactic-Conquest/godfinger

A modular script extension system that allows streamlined rcon & plugin interaction to simplify serverside processing for MBII in python. Aimed to better equip server owners to improve their own ...
InfoWorld

jQuery 4.0.0 JavaScript library features trusted types

The first major update in nearly 10 years, jQuery 4.0.0 follows a long development cycle and several pre-releases.

Fake ad blocker extension crashes the browser for ClickFix attacks

A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the ...
How-To Geek on MSN

What is headless Chrome, and why would anyone want a headless browser?

Your browser has hidden superpowers and you can use them to automate boring work.
The Hacker News

CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures

Researchers uncovered a CrashFix campaign where a fake Chrome ad blocker crashes browsers to trick users into installing the ...

WhatsApp Web malware spreads banking Trojan automatically

New WhatsApp Web attack spreads self-propagating ZIP files containing Astaroth banking malware through trusted conversations.
GitHub

l-urk/CVE-2024-6387

🔒 CVE-2024-6387 regreSSHion remote code execution vulnerability exploit script usage: regreSSHion.py [-h] -i IP -p PORT [-t] [-c] [-d] [-r] [-x] [-y] [-z] 🔒 CVE ...
Dark Reading

AsyncRAT Malware Infests Orgs via Python & Cloudflare

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade ...