GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more ...
The Hacker News

GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

GhostPoster malware hid inside 17 Firefox add-ons, abusing logo files to hijack links, inject tracking code, and run ad fraud ...

Firefox security warning - multiple browser addons found to be riddled with malware, so be on your guard

More than a dozen Firefox extensions were found to be malicious, planting backdoors and keeping track of user browsing habits ...
Crypto News

Major JavaScript Library Breach Puts All Crypto Websites at Risk

React vulnerability CVE-2025-55182 exploited by crypto-drainers to execute remote code and steal funds from affected websites ...
The Hacker News

North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

North Korea-linked attackers exploit CVE-2025-55182 to deploy EtherRAT, a smart-contract-based RAT with multi-stage ...

Multiple Firefox add-ons infected with 'GhostPoster' malware — how to stay safe

A newly discovered malware infected multiple Firefox browser add-ons with more than 50,000 downloads combined.
SecurityWeek

Chrome 143 Patches High-Severity Vulnerabilities

Google promoted Chrome 143 to the stable channel with patches for 13 vulnerabilities reported by external researchers.
CPO Magazine

North Korean Hackers Target Developers with Nearly 200 Malicious NPM Packages in “Contagious Interview” Hacking Campaign

North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages ...
The Indiana Lawyer

Deanna Marquez: Getting to the bottom of the metadata mayhem

Sometimes metadata is intentionally removed to protect exposure of sensitive details including names, comments, and revision ...
River Journal Online

Dynamic Asset Management: A Deep Dive into the Icons8 API

Most frontend projects follow a predictable path for asset management. You download an SVG bundle, drop it into a local ...
CSO Online

AI browsers can be tricked with malicious prompts hidden in URL fragments

Researchers discovered that adding instructions for AI-powered browser assistants after the hash (#) symbol inside URLs can influence their behavior to leak sensitive data and direct users to phishing ...