JavaScript
Phishing attack hides JavaScript using invisible Unicode trick
A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action committee (PAC). Juniper Threat Labs that spotted the attack reports that it took place in early January 2025 and carries signs of sophistication such as the use of: […]
Brave now lets you inject custom JavaScript to tweak websites
Brave Browser is getting a new feature called ‘custom scriptlets’ that lets advanced users inject their own JavaScript into websites, allowing deep customization and control over their browsing experience. The new feature is coming in Brave Browser version 1.75 for the desktop and is very similar to the popular TamperMonkey and GreaseMonkey browser extensions, which allow users to create […]
European Space Agency’s official store hacked to steal payment cards
European Space Agency’s official web shop was hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout. With a budget over 10 billion euros, the mission of the European Space Agency (ESA) is to extend the limits of space activities by training astronauts and building rockets and […]
Apple fixes two zero-days used in attacks on Intel-based Macs
Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. “Apple is aware of a report that this issue may have been exploited,” the company said in an advisory issued on Tuesday. The two bugs were found in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of […]