LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by BleepingComputer.

1inch, a decentralized exchange aggregator, was compromised after attackers injected malicious code into an animation library update, prompting users to connect their wallets to a crypto drainer.

The popular LottieFiles Lotti-Player project was compromised in a supply chain attack to inject a crypto drainer into websites that steals visitors' cryptocurrency.

The popular LottieFiles Lotti-Player project was compromised in a supply chain attack to inject a crypto drainer into websites that steals visitors' cryptocurrency.

A scary few Halloween hours for team behind hugely popular web plugin

An add-on could inject malicious JavaScript to overly permissive APIs

LottieFiles revealed a supply chain compromise in which malicious code could lure users into connecting crypto wallets, potentially leading to asset theft