SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...

SideCopy targeted Afghanistan's Finance Ministry with Xeno RAT via Pashto phishing lures, enabling espionage and system ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

Abstract: The growing reliance on web-based applications and their deployment across diverse domains have intensified concerns about the security of JavaScript source code executed on the client side.

If clarity shines a light on something, obfuscating it is casting a shadow over it. The word “obfuscate” is cloaked in darkness, and often describes things that are shrouded in mystery, are ...

Attackers have poisoned a code package on the npm registry in a novel way, hiding credential-stealing malware in steganographic QR codes embedded in a package purporting to offer a JavaScript utility.

A newly-discovered malicious package with layers of obfuscation is disguised as a utility library, with malware essentially hiding in plain sight in embedded QR codes. QR codes are ubiquitous these ...

Hi, thank you for creating this obfuscation plugin. I have a small question. I created a browser extension and uploaded it to the Chrome store. I want to use your obfuscation method in a very small ...