The Hacker News

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Researchers uncovered 27 malicious npm packages used over five months to host phishing pages that steal credentials from ...

Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...

Worrying WhatsApp attack can steal messages and even accounts - here's how to stay safe from "poisoned" attack

The malicious fork, named ‘lotusbail’ has all the same functionality as the legitimate project, but it also steals WhatsApp authentication tokens and session keys. Furthermore, it intercepts and ...

LinkedIn Attack Alert — 1.2 Billion Users Must Watch For Red Flags

If you are one of the 1.2 billion registered users of the LinkedIn professional social network platform, pay attention to ...
Cybernews

Code that works can also be malware: this WhatsApp API is stealing messages

A malicious npm WhatsApp library with 56,000 downloads secretly stole messages, credentials, and contacts in a sophisticated ...

Page 2: The winner's podium: ranks 3 to 1

Security topics take the top spots by a clear margin: in software development, it's supply chain incidents that make life ...
Cybernews

The biggest corporate security blunders of 2025

Copeland highlights the Allianz Life breach in July 2025 as a prime example, which occurred due to unauthorized access ...
GitHub

nrm -- npm registry manager

$ nrm ls * npm ----- https://registry.npmjs.org/ yarn ----- https://registry.yarnpkg.com/ tencent ----- https://mirrors.tencent.com/npm/ cnpm ----- https://r.cnpmjs ...
Windows LatestOpinion

JavaScript creator warns against “rushed web UX over native” as Windows 11 leans harder on WebView2 and Electron

JavaScript creator says rushed web UX causes bloat and points to WebView2/Electron as Windows 11’s bigger problem.