The Hacker News

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Researchers uncovered 27 malicious npm packages used over five months to host phishing pages that steal credentials from ...

Worrying WhatsApp attack can steal messages and even accounts

Taking over WhatsApp accounts "The package wraps the legitimate WebSocket client that communicates with WhatsApp. Every ...
Infosecurity Magazine

Five Key Flaws Exploited in 2025's Major Software Supply Chain Incidents

Infosecurity has selected five of the most significant vulnerability exploitation campaigns of 2025 that led to major ...

Social engineering cost crypto billions in 2025: How to protect yourself

The human layer is one of the most vulnerable when it comes to crypto security, but authentication, hardware wallets, automation and strict verification habits are key to reducing risk.
CoinDesk

Unleash Protocol hit by $3.9 million exploit with funds routed through Tornado Cash

An attacker seized control of Unleash Protocol’s multisig governance to upgrade contracts and siphon funds, which were later ...
InfoWorld

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
DataBreachToday

Researchers Spot New Shai Hulud Variant

Hackers behind the Shai Hulud malicious npm JavaScript campaign are likely testing a new variant of the malware. Security ...
eWeek

LangChain AI Vulnerability Exposes Millions of Apps

A critical LangChain AI vulnerability exposes millions of apps to theft and code injection, prompting urgent patching and ...