InfoWorld

WhatsApp API worked exactly as promised, and stole everything

Malicious npm package posing as a WhatsApp Web API library operated for months as a functional dependency while stealing ...

RansomHouse upgrades encryption with multi-layered data processing

The RansomHouse ransomware-as-a-service (RaaS) has recently upgraded its encryptor, switching from a relatively simple single ...

Malicious npm package steals WhatsApp accounts and messages

A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal ...
The Hacker News

China-Linked Evasive Panda Ran DNS Poisoning Campaign to Deliver MgBot Malware

China-linked Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted espionage attacks from 2022 to 2024.
The Hacker News

ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories

Weekly roundup exploring how cyber threats, AI misuse, and digital deception are reshaping global security trends.
The Register on MSN

Poisoned WhatsApp API package steals messages and accounts

And it's especially dangerous because the code works A malicious npm package with more than 56,000 downloads masquerades as a ...
PCQuest on MSN

Why this WhatsApp integration quietly stole accounts

For most developers, broken code raises alarms. This time, the danger came from code that worked exactly as promised.A malicious npm package called lotusbail presented itself as a fully functional ...