skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Client-side JavaScript Attack Affects 500+ Websites

/ 1 min read

🕷️ Client-side JavaScript attack targets over 500 government and university websites. A recent attack has compromised more than 500 websites, including those of various governments and universities, by injecting malicious JavaScript from the domain scriptapi.dev. This attack employs black hat SEO techniques, creating hidden links in the Document Object Model (DOM) that are invisible to users but indexed by search engines, thereby boosting the SEO value of external sites. The attack highlights vulnerabilities in third-party scripts and the risks of supply chain attacks in web development. To mitigate these risks, experts recommend updating plugins, implementing Content Security Policies, and regularly auditing third-party scripts.

Source
{entry.data.source.title}
Original