Infosecurity has selected five of the most significant vulnerability exploitation campaigns of 2025 that led to major ...
A new Shai-Hulud npm strain and a fake Jackson Maven package show how attackers abuse trusted dependencies to steal secrets ...
Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is ...
A spate of supply chain attacks forces GitHub’s npm to revoke ‘classic’ tokens. Despite this, larger worries about developer account security remain. GitHub has this week implemented the final part of ...
A malicious npm package posing as a WhatsApp API intercepts messages, steals credentials, and links attacker devices after 56 ...
A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account. A fork of ...
Malicious npm package posing as a WhatsApp Web API library operated for months as a functional dependency while stealing ...
Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...
The Shai-Hulud 2.0 campaign exposed 33,185 unique secrets across 20,649 repositories scanned. Among the exposed credentials, 3,760 remained valid days after discovery. Here is why the next version ...
Struggling with MCP authentication? The November 2025 spec just changed everything. CIMD replaces DCR's complexity with a simple URL-based approach—no registration endpoints, no client ID sprawl, ...
The malicious fork, named ‘lotusbail’, has all the same functionality as the legitimate project, but it also steals WhatsApp ...