The Hacker News

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

A malicious npm package posing as a WhatsApp API intercepts messages, steals credentials, and links attacker devices after 56 ...

The Future Of API Protection: Why Web And API Security Work Better Together

Modern security demands both the scale and performance of WAAP and the precision and lifecycle coverage of dedicated API ...

Fake MAS Windows activation domain used to spread PowerShell malware

A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell ...
InfoWorld

WhatsApp API worked exactly as promised, and stole everything

Malicious npm package posing as a WhatsApp Web API library operated for months as a functional dependency while stealing ...
The Hacker News

⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More

Discover how AI and automation strengthen defenses, streamline operations, and deliver measurable business impact. Hear from ...

Hack Your Own Password — Windows Users Urged To Take Action Now

Windows users can protect themselves from falling victim to ongoing “hack your own password” attacks by doing these three ...

Pactman Simplifies Nonprofit Verification for Developers with New Compliance API Portal

Pledge Software (the creator of Pactman: today announced automated developer onboarding for its Nonprofit Check Plus API, a move aimed at reducing friction for platforms that must verify nonprofit ...
Security Boulevard

Best of 2025: Inside the Minds of Cybercriminals: A Deep Dive into Black Basta’s Leaked Chats

The leaked internal chat communications of the Black Basta ransomware group offer an unprecedented view into how cybercriminals operate, plan attacks, and ...
The Register on MSN

Poisoned WhatsApp API package steals messages and accounts

And it's especially dangerous because the code works A malicious npm package with more than 56,000 downloads masquerades as a ...