Worrying WhatsApp attack can steal messages and even accounts - here's how to stay safe from "poisoned" attack

The malicious fork, named ‘lotusbail’ has all the same functionality as the legitimate project, but it also steals WhatsApp authentication tokens and session keys. Furthermore, it intercepts and ...
The Hacker News

Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

Researchers uncover malware campaigns using cracked software and compromised YouTube videos to deliver CountLoader, ...

GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more ...
The Hacker News

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Researchers uncovered 27 malicious npm packages used over five months to host phishing pages that steal credentials from ...

Cellik Android malware builds malicious versions from Google Play apps

A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums offering a robust ...

Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...
Infosecurity Magazine

Five Key Flaws Exploited in 2025's Major Software Supply Chain Incidents

Infosecurity has selected five of the most significant vulnerability exploitation campaigns of 2025 that led to major ...
PC World

How to tell if your USB cable is hiding malicious hacker hardware

We expect USB-C cables to perform a specific task: transferring either data or files between devices. We give little more thought to the matter, but malicious USB-C cables can do much more than what ...

Maximum severity React2Shell flaw exploited by North Korean hackers in malware attacks

The Chinese are not the only ones exploiting React2Shell, a maximum-severity vulnerability that was recently discovered in React Server Components (RSC).
Investopedia

Understanding Vandalism and Malicious Mischief Insurance Coverage

Julia Kagan is a financial/consumer journalist and former senior editor, personal finance, of Investopedia. Eric's career includes extensive work in both public and corporate accounting with ...