AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
Good e-Reader

Amazon has changed e-book encryption on older Kindle e-readers

Amazon has just changed the encryption used for Kindle books on older e-readers without a software update. Any Kindle with ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
The Hacker News

Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays

Rust-based VENON malware targets 33 Brazilian financial platforms using advanced evasion and overlays, enabling credential theft.
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that evade standard code review.