Endpoint
Malware
Malicious software — ransomware, trojans, spyware.
What it is
Software designed to damage systems, steal data, or hold systems hostage. On websites, malware most often arrives via compromised dependencies or admin panels.
How attackers exploit it
An attacker compromises an admin account or injects malicious JS into your build pipeline, then serves it to every visitor.
How to protect against it
- Pin and audit dependencies (lockfiles, software composition analysis (SCA) tools).
- Use Subresource Integrity (SRI) for any third-party script you load by URL.
- Set a strict Content Security Policy (CSP) that limits where scripts can come from.
- Patch CMS plugins/themes regularly and remove ones you don't use.
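An added example (not part of the original page) for the SRI item above: it computes the `integrity` value for a reviewed script and shows that a copy altered after review no longer matches the pinned hash. The script bodies and the `cdn.example` URL are constructed placeholders.

```python
import base64
import hashlib
import hmac
from html import escape

# Hash algorithms defined for SRI, ordered weakest to strongest.
ALGS = ("sha256", "sha384", "sha512")


def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Return the integrity value (alg-base64digest) for a script body."""
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"


def verify_sri(content: bytes, integrity: str) -> bool:
    """Check a fetched script body against an integrity attribute value."""
    by_alg = {}
    for token in integrity.split():
        alg, _, value = token.partition("-")
        if alg in ALGS and value:
            # Drop any "?option" suffix; only the digest is compared.
            by_alg.setdefault(alg, []).append(value.split("?", 1)[0])
    if not by_alg:
        return False  # fail closed: no usable hash means nothing was verified
    # When several hashes are listed, only the strongest algorithm is checked.
    strongest = max(by_alg, key=ALGS.index)
    actual = sri_hash(content, strongest).split("-", 1)[1]
    return any(hmac.compare_digest(actual, v) for v in by_alg[strongest])


def script_tag(url: str, content: bytes) -> str:
    """Build the <script> element carrying the pinned hash."""
    # crossorigin is needed so the browser can verify a cross-origin script.
    return (f'<script src="{escape(url, quote=True)}" '
            f'integrity="{sri_hash(content)}" crossorigin="anonymous"></script>')


# Constructed sample: the reviewed script and a copy altered after review.
REVIEWED = b"window.widget = { version: '1.0.0' };\n"
TAMPERED = REVIEWED + b"/* injected */\n"
PINNED = sri_hash(REVIEWED)

if __name__ == "__main__":
    print(script_tag("https://cdn.example/widget.js", REVIEWED))
    print("reviewed copy passes:", verify_sri(REVIEWED, PINNED))
    print("tampered copy passes:", verify_sri(TAMPERED, PINNED))
```

Running the same check in CI against each third-party script URL flags a changed file before the browser blocks it for visitors.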
Reference videos
Ransomware in 6 minutes
IBM Technology
Supply chain attacks explained
PwnFunction
Further reading