Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
The Hacker News

Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant

Microsoft says hotel phishing emails are using Calendly links and photo ZIP files to drop the TonRAT Node.js implant on front ...
InfoWorld

Deno update streamlines creation of desktop apps

Experimental ‘deno desktop’ feature in Deno 2.9 produces a native desktop application that compiles into a single ...
Dark Reading

Phishers Gain Persistence at EU, Asia Hospitality Orgs

Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...
SecurityWeek

Critical SimpleHelp Vulnerability Exploited for Malware Delivery

A threat actor has been exploiting CVE-2026-48558, a critical SimpleHelp vulnerability, to drop TaskWeaver and Djinn Stealer ...

SimpleHelp Flaw Exploited to Deploy Malware Targeting Windows, macOS, and Linux

A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, ...

No more Java refills for Intel Macs after JDK 27, says Oracle

Oracle is moving to stop maintaining the macOS/x64 port of the Java Development Kit (JDK) from version 27, which is expected ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

Researchers detail REF8372, a malvertising campaign using fake Node.js ads, Storj-hosted payloads, and OXLOADER to deploy ...

APP-STORE PERFORMANCE WITHOUT THE STORE: COAX SOFTWARE CLIMBS INTO TECHREVIEWER’S ELITE TOP WEB DEVELOPERS SELECTION

COAX Software receives a top position in Techreviewer’s USA web developers index. This shows recognition for scalable ...
Tech Times

Fake Perplexity Chrome Extension: How One Permission Combo Logged Every Keystroke

Fake Perplexity Chrome extension exploited a legal permission combination to log every address-bar keystroke before ...
Infosecurity Magazine

Hackers Leverage Blockchain to Hit Japan's Hotels Through Booking.com Phishing

A wave of phishing emails sent to Booking.com partner accommodations in Japan in May led to blockchain-hosted malware ...