Security
Headlines
HeadlinesLatestCVEs

Latest News

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems. The package, named nodejs-smtp, impersonates the legitimate email library nodemailer with an identical tagline, page styling, and README descriptions, attracting a total of 347

The Hacker News
Open in Source
#windows#google#nodejs#js#git#java#pdf#The Hacker News
How Live Threat Intelligence Cuts Cybersecurity Expenses

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.

Hidden Commands in Images Exploit AI Chatbots and Steal Data

Hidden commands in images can exploit AI chatbots, leading to data theft on platforms like Gemini through a…

Generative Engine Optimisation: What It Is and Why You Need an Agency for It

As digital marketing keeps changing, staying ahead means adopting the latest strategies that enhance online visibility and user…

Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans

Cybersecurity researchers are calling attention to a new shift in the Android malware landscape where dropper apps, which are typically used to deliver banking trojans, to also distribute simpler malware such as SMS stealers and basic spyware. These campaigns are propagated via dropper apps masquerading as government or banking apps in India and other parts of Asia, ThreatFabric said in a report

North Korea’s ScarCruft Targets Academics With RokRAT Malware

A new report reveals North Korea-linked ScarCruft is using RokRAT malware to target academics in a phishing campaign.…

WhatsApp fixes vulnerability used in zero-click attacks

WhatsApp has patched a vulnerability that was used in conjunction with an Apple vulnerability in zero-click attacks.

How to set up two-step verification on your WhatsApp account

This guide gives step-by-step instructions how how to enable two-step verification for WhatsApp on Android, iOS, and iPadOS

⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More

Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hands can be enough to open the door. The news this week shows how attackers are mixing methods—combining stolen access, unpatched software, and clever tricks to move from small entry points to large