Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

The post Attackers adopt JavaScript runtime Bun to spread NWHStealer appeared first on Malwarebytes. In our previous research, we analyzed a Windows infostealer we track as NWHStealer. The attackers ...

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...

Customer stories Events & webinars Ebooks & reports Business insights GitHub Skills ...

The PureLogs module targeted a wide range of browsers, including Google Chrome, Microsoft Edge, Brave, Opera, Yandex Browser, ...

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

MuscalietJS is a layered architecture that splits responsibilities across two levels: a JavaScript-specific engine and a language-agnostic low-level VM. In principle, any managed language VM can serve ...

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...