AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Security News This Week: A Hacker Accidentally Broke Into the FBI’s Epstein Files

Plus: A porn-quitting app exposed the masturbation habits of hundreds of thousands of users, Russian hackers are trying to take over people’s Signal accounts, and more.

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
PCMag

Fake Apps, Fraudulent Emails, and Very Real Hackers: Another Week in the Infosec Trenches

This week saw attacks on Claude Code users, LastPass users, Starlink users, and, perhaps worst of all, people who needed an ambulance. Add a dash of AI hacking, and you have another wild week in ...
Dlh

Programming-Based Bullet-Heaven Net.Attack() - Code or Die! DEPLOYED NOW on Steam

After eight months in Early Access and ongoing community-driven updates, German indie developer and publisher ByteRockers' Games has now launched the full 1.0 version of Net.Attack() – Code or Die! on ...

How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks

Amid a paralyzing breach of medical tech firm Stryker, the group has come to represent Iran's use of “hacktivism” as cover ...
Pen Test Partners

Taming the dragon: reverse engineering firmware with Ghidra

Introduction   I stumbled into infosec the same year the NSA graced us with Ghidra. It’s by far become the most used tool in ...