The Hacker News

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

A malicious npm package posing as a WhatsApp API intercepts messages, steals credentials, and links attacker devices after 56 ...

Malicious npm package steals WhatsApp accounts and messages

A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal ...
Decrypt

New Malware Poses as Roblox Mods to Steal Crypto Credentials

The Stealka malware is inserted into pirated mods for video games including Roblox, and can lift sensitive info from apps.
The Hacker News

New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

Kaspersky reports ForumTroll phishing attacks targeting Russian academics, using fake eLibrary emails, personalized files & Windows malware delivery.

Critical React2Shell flaw exploited in ransomware attacks

A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate ...