The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Make Tech Easier

Malware Ridden Fake CAPTCHAs Make Me Hate CAPTCHAs Even More

Is that CAPTCHA you just encountered real? Find out how fake CAPTCHAs are installing hidden malware and how to stay safe.
IEEE

Nebula: Self-Attention for Dynamic Malware Analysis

Abstract: Dynamic analysis enables detecting Windows malware by executing programs in a controlled environment and logging their actions. Previous work has proposed training machine learning models, i ...
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple ...
Bleeping Computer

New malware service guarantees phishing extensions on Chrome web store

A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and publish them to the Chrome Web Store. Researchers at end-to-end data ...
IEEE

A Review of State-of-the-Art Malware Attack Trends and Defense Mechanisms

Abstract: The increasing sophistication of malware threats has led to growing concerns in the anti-malware community, as malware poses a significant danger to online users despite the availability of ...