AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

APT28 hackers deploy customized variant of Covenant open-source tool

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation ...
GitHub

Super-Linter

Super-linter is a ready-to-run collection of linters and code analyzers, to help validate and fix your source code. The goal of super-linter is to help you establish best practices and consistent ...
GitHub

powershell_fileless_script_contains_base64_encoded_content.yml

description: The following analytic detects the execution of PowerShell scripts containing Base64 encoded content, specifically identifying the use of `FromBase64String`. It leverages PowerShell ...