Threat Post

PNG Image Metadata Leading to iFrame Injections

Researchers have discovered a relatively new way to distribute malware that relies on reading malicious obfuscated JavaScript code stored in a PNG file’s metadata to trigger iFrame injections.
Bleeping Computer

Malicious VSCode Marketplace extensions hid trojan in fake PNG file

A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with malware hidden inside dependency folders. The malicious activity was ...