Posts

Showing posts with the label unicode

Oops, No Victims: The Largest Supply Chain Attack Stole 5 Cents

-
Image
The Biggest NPM Supply Chain Attack What is a Supply Chain Attack? A supply chain attack occurs when attackers target trusted third-party components, such as libraries or registries, instead of attacking users directly. By injecting malicious code at the source, they can spread it to all downstream users. These attacks are dangerous because updates happen automatically in build pipelines, making detection harder. A small modification in a common dependency can silently compromise thousands of projects. Defenses require strong authentication, artifact signing, reproducible builds, and active monitoring of supply chain integrity. Introduction On September 8, 2025, the npm ecosystem faced one of its largest compromises. A maintainer’s account was hijacked, and malicious versions of popular packages were published. Since npm packages are used globally in countless projects, the exposure was immediate and severe. Although the financial damage was limited, the operational dis...
Post a Comment
Read more

Sometime slash might be Unicode Hiragana

-
Image
Cybercriminals Exploit Unicode Trick to Mimic Booking.com in Phishing Scam Threat actors have launched a new phishing campaign targeting Booking.com users , leveraging Unicode characters to disguise malicious links as legitimate ones. This attack shows how easily scammers can trick people with subtle visual deceptions. How the Attack Works The campaign uses the Japanese hiragana character “ん” (Unicode U+3093) inside phishing URLs. On some systems and fonts, this symbol looks like a forward slash (/) or part of a subdirectory, making the fake URL appear genuine. For example, a phishing email may display the link (appears safe but is deceptive): https://admin.booking.com/hotel/hoteladmin/... But the actual malicious hyperlink is different (neutralized below for safety): https://account.booking.comんdetailんrestric-access.www-account-booking[.]com/en/ At first glance, it looks like a real Booking.com page. In reality, the true registered domain is “www-account-booking[.]co...
Post a Comment
Read more