Security News New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer TheHackerNews Daniel Bender 22 Jun 2026 Share Researchers detail REF8372, a malvertising campaign using fake Node.js ads, Storj-hosted payloads, and OXLOADER to deploy CastleStealer.