Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Mozilla’s 0din team showed how a Claude Code malware GitHub repo attack could use a clean-looking repository to open a ...
Socket traced the module to 222 repos across 190 accounts staging Vidar, RATs, and XMRig miners ...
A year ago, ESET Research was part of two major operations that disrupted some of the leading cybercriminal operations at the time, Lumma Stealer and Danabot. More recently, our researchers are once ...
ESET researchers have discovered two as-yet undocumented Windows variants of SprySOCKS, a previously Linux-only backdoor reportedly used by FishMonger, the group believed to be operated by a Chinese ...
Semi-automate multi-protocol API calls, construct jq queries at the speed of light, or transform strings to and from any format.
A comprehensive, standards-compliant library providing all RFC 4648 encoding variants with zero dependencies, Swift Embedded compatibility, and a clean API.
description: The following analytic detects the execution of PowerShell scripts containing Base64 encoded content, specifically identifying the use of `FromBase64String`. It leverages PowerShell ...