Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...
ET CIO

Top 7 Penetration Testing Tools for Enterprises in 2025

Discover the top seven penetration testing tools essential for enterprises in 2025 to enhance security, reduce risks, and ensure compliance in an evolving cyber landscape. Learn about their core ...

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for ...

Malicious extensions in Chrome Web store steal user credentials

Two Chrome extensions in the Web Store named 'Phantom Shuttle' are posing as plugins for a proxy service to hijack user ...
InfoWorld

WhatsApp API worked exactly as promised, and stole everything

Malicious npm package posing as a WhatsApp Web API library operated for months as a functional dependency while stealing ...
SecurityWeek

NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data

The lotusbail NPM package steals WhatsApp credentials, messages, and contacts, and provides persistent access to the victims’ accounts.

How OpenAI is defending ChatGPT Atlas from attacks now - and why safety's not guaranteed

An 'automated attacker' mimics the actions of human hackers to test the browser's defenses against prompt injection attacks. But there's a catch.
WinBuzzer

OpenAI Deploys Automated ‘Attacker’ to Harden Atlas Browser, Admits Prompt Injection Is ‘Unsolved’

OpenAI has deployed a new automated security testing system for ChatGPT Atlas, but has also conceded that prompt injection ...