Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...
ET CIO

Top 7 Penetration Testing Tools for Enterprises in 2025

Discover the top seven penetration testing tools essential for enterprises in 2025 to enhance security, reduce risks, and ensure compliance in an evolving cyber landscape. Learn about their core ...
InfoWorld

WhatsApp API worked exactly as promised, and stole everything

Malicious npm package posing as a WhatsApp Web API library operated for months as a functional dependency while stealing ...
SecurityWeek

NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data

The lotusbail NPM package steals WhatsApp credentials, messages, and contacts, and provides persistent access to the victims’ accounts.
The Hacker News

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

Critical n8n flaw CVE-2025-68613 (CVSS 9.9) lets authenticated users run arbitrary code; versions 0.211.0–1.120.4 affected, ...

Malicious extensions in Chrome Web store steal user credentials

Two Chrome extensions in the Web Store named 'Phantom Shuttle' are posing as plugins for a proxy service to hijack user ...
WinBuzzer

OpenAI Deploys Automated ‘Attacker’ to Harden Atlas Browser, Admits Prompt Injection Is ‘Unsolved’

OpenAI has deployed a new automated security testing system for ChatGPT Atlas, but has also conceded that prompt injection ...