New Locky Variant 'IKARUSdilapidated' Strikes Again

A second wave of the Locky ransomware variant called IKARUSdilapidated has been identified by security experts. The source of the ransomware is a botnet of zombie computers coordinated to launch phishing attacks that send emails and attachments appearing to come from a targeted recipient’s truste...

Click-Fraud Malware Spreading via JavaScript Attachments

A new malware campaign has been spotted that has begun seeding spam messages with a downloader heavily obfuscated with JavaScript. The SANS Internet Storm Center said today that two days ago, a flood of spam messages were observed laced with .js attachments. The JavaScript obfuscates a downloader...

Cross site scripting

Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting XSS and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers...