Magecart hits hundreds of websites via ad supply chain hijack

A criminal Magecart gang successfully compromised hundreds of ecommerce websites via a malicious script that silently harvested personal data and payment card information as customers bought goods and services online.

Read more in my article on the Tripwire State of Security blog.

StatCounter web analytics script poisoned to steal Bitcoins

Security researchers at ESET discovered that hackers managed to compromise StatCounter and change the analytics script used by hundreds of thousands of websites.

Cryptomining with JavaScript in an Excel spreadsheet

It didn’t take long at all for a security researcher to demonstrate how easy it was to turn an Excel spreadsheet into a cryptomining machine.

Bad guys have something new to play with! Microsoft Excel adds support for JavaScript

Microsoft has launched some new features in its Excel spreadsheet software that will boost its power. But will that only be for the benefit of users?

Ransom32: JavaScript ransomware-as-a-service

Ransom32 sparks interest: it is coded entirely in JavaScript, with the potential to target not just Windows computers but also those running Mac OS X and Linux.

eBay XSS password-stealing security hole “existed for months”

The BBC reports that users have been hit by a cross-site scripting flaw on eBay since at least February, putting passwords at risk of phishers.

Online gamers targeted in malware attack, exploiting old Microsoft vulnerability

Security researchers at Zscaler have uncovered a malware attack, seemingly targeted against the computers of Chinese game players.

Official PHP website hacked, spreads malware infection

The website, the official home of the open-source PHP programming language, has been hacked and used to spread malware to visitors.

Mailbox tries (and fails) to fix JavaScript security hole

The researcher who rang alarm bells about a serious JavaScript security hole in the popular Mailbox iPhone app says that there is still a problem, even though the company itself believes it has resolved the issue.

Mailbox iPhone app suffers from serious JavaScript flaw, researcher discovers

An Italian security researcher has discovered that the popular Mailbox app for iPhones and iPads will execute *any* JavaScript that is present in the body of HTML emails, opening the door for exploitation.

How the Tumblr worm spread so quickly

SophosLabs explains how today’s Tumblr worm was able to spread so quickly.

Profile Stalkers on Facebook? Check out the viral scam that’s spreading

Will you really see who views your Facebook profile? Will you really discover who your top profile stalkers on Facebook are?

Maybe it’s time for a reality check.

Why are you tagged in this video? It’s a viral Facebook scam

Facebook users have been hit by another fast-spreading scam today, pretending to be a link to a YouTube video that they have been tagged in.

Chinese social network hit by Pink Floyd video worm

Read more in my article at Naked Security.

Malicious JSRedir-R script found to be biggest malware threat on the web

Read more in my article at Naked Security.