AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

How data is building a smarter, safer, more predictable Seattle

Today, we’re entering an era in which data is now the next major competitive differentiator across every industry in the ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.
GovInfoSecurity

Cryptohack Roundup: AppsFlyer SDK Breach Enabled Theft

This week, the AppsFlyer SDK breach, JPMorgan sued over ties to a Ponzi scheme, the OFAC sanctioned a network tied to North Korean IT workers, Venus Protocol hit by ...
Indianapolis Business Journal

Lilly spending $1.8B to update Indianapolis manufacturing operations

The Lilly Technology Center investment includes expanding existing capabilities and the establishment of new production lines.

Iran has not asked for ceasefire and sees no reason for talks with US, Iranian minister says

Donald Trump had said Tehran wanted a deal but he felt the terms were "not good enough". Meanwhile, Iran continues to strike ...
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...

Belgian diplomat faces trial over 1961 Congo leader killing

Etienne Davignon, the only surviving suspect, is ordered to stand trial over war crimes tied to Patrice Lumumba's killing six decades ago. The case represents a historic moment in confronting ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...