Veracode researchers have uncovered a malware campaign that misuses Google Calendar to execute a malicious command-and-control (C2) server connection. The malware is embedded in a package, known as “os-info-checker-es6”, on the NPM platform and uses Unicode steganography to hide its code. The package was also reported as a dependency in four other packages. The malicious code retrieves a payload from a URL, stored in a Google Calendar event, and then executes it. Veracode has reported this malicious package to the NPM security team.
GenAI use in healthcare sparks rise in sensitive data violations
Healthcare workers are often uploading sensitive health data to personal cloud and AI accounts, says a report from Netskope Threat Labs. Out of the data
