Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every message and link the attacker's device to a victim's WhatsApp account. The package, named "lotusbail," has been downloaded over 56,000 times since it was first uploaded to the registry by a user named "

The Hacker News
Open in Source
#web#google#nodejs#git#backdoor#oauth#auth#sap#The Hacker News
Frogblight Malware Targets Android Users With Fake Court and Aid Apps

Kaspersky warns of 'Frogblight,' a new Android malware draining bank accounts in Turkiye. Learn how this 'court case' scam steals your data and how to stay safe.

Pornhub tells users to expect sextortion emails after data exposure

Users affected by the data breach may be contacted directly by cybercriminals, Pornhub warns.

Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan

Cybersecurity firm Ontinue reveals how the open-source tool Nezha is being used as a Remote Access Trojan (RAT) to bypass security and control servers globally.

⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More

Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — turning small cracks into serious breaches. The real danger now isn’t just one major attack, but hundreds of quiet ones using the software and devices already inside our networks. Each trusted system can

How to Browse the Web More Sustainably With a Green Browser

As the internet becomes an essential part of daily life, its environmental footprint continues to grow.  Data centers, constant connectivity, and resource-heavy browsing habits all contribute to energy consumption and digital waste. While individual users may not see this impact directly, the collective effect of everyday browsing is significant. Choosing a browser designed with

A week in security (December 15 – December 21)

A list of topics we covered in the week of December 15 to December 21 of 2025

Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale

Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan. "Previously, users received 'pure' Trojan APKs that acted as malware immediately upon installation," Group-IB said in an analysis published last week. "Now, adversaries increasingly deploy

DevOps and Cybersecurity: Building a New Line of Defense Against Digital Threats

Learn how DevOps and DevSecOps strengthen cybersecurity through automation, CI/CD, and secure DevOps development services.

FBI Seizes Fake ID Template Domains Operating from Bangladesh

US authorities have charged Zahid Hasan with running TechTreek, a $2.9 million online marketplace selling fake ID templates. The investigation, involving the FBI and Bangladesh police, uncovered a global scheme selling fraudulent passports and social security cards to over 1,400 customers.