PC World

Don’t run JavaScript email attachments: they can carry potent ransomware

Attackers are infecting computers with a new ransomware program called RAA that’s written entirely in JavaScript and locks users’ files by using strong encryption. Most malware programs for Windows ...
CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
TechSpot

Google fixes Gmail vulnerability

A flaw that allowed JavaScript code to run when viewing a Gmail message has been patched by Google. The flaw could have allowed malicious code to gather email addresses or even compromise accounts.