Malicious npm package steals WhatsApp accounts and messages

A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal ...
SecurityWeek

NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data

The lotusbail NPM package steals WhatsApp credentials, messages, and contacts, and provides persistent access to the victims’ accounts.
Bleeping Computer

Popular Forge library gets fix for signature verification bypass flaw

A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. The flaw is tracked as ...
Roll Call

Firefighting plan that tripped up spending package back on track

A dispute over a Trump administration plan to consolidate federal firefighting operations may be close to resolution, in a sign of modest progress toward Senate passage of a major fiscal 2026 spending ...
Mashable

PlayStation's VR2 'Horizon Call of The Mountain' bundle has dropped below $300 in Amazon's Black Friday sale

The biggest stories of the day delivered to your inbox.