Bleeping Computer

Somebody Tried to Hide a Backdoor in a Popular JavaScript npm Package

The Node Package Manager (npm) team avoided a disaster today when it discovered and blocked the distribution of a cleverly hidden backdoor mechanism inside a popular —albeit deprecated— JavaScript ...
ZDNet

Hacker backdoors popular JavaScript library to steal Bitcoin funds

A hacker has gained (legitimate) access to a popular JavaScript library and has injected malicious code that steals Bitcoin and Bitcoin Cash funds stored inside BitPay's Copay wallet apps. The ...
The Hacker News

GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites

Huntress finds three GootLoader infections since Oct 27, 2025; two led to domain controller compromise within 17 hours.
Lifehacker

How to Block JavaScript on Specific Websites (and Why You Should)

JavaScript is a double-edged sword: It adds lots of useful features to your favorite websites, such as interactive maps, loading images in the background, refreshing content on a site without ...
The Register on MSN

Gootloader malware back for the attack, serves up ransomware

Move fast - miscreants compromised a domain controller in 17 hours Gootloader JavaScript malware, commonly used to deliver ...
Bleeping Computer

Hackers hide credit card stealing script in favicon metadata

Hackers are always evolving their tactics to stay one step ahead of security companies. A perfect example of this is the hiding of malicious credit card stealing scripts in the EXIF data of a favicon ...