The Hacker News

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

A malicious npm package posing as a WhatsApp API intercepts messages, steals credentials, and links attacker devices after 56 ...
CSO Online

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Proofpoint has warned about phishing campaigns abusing legitimate device authorization flow to bypass MFA and gain persistent ...