SecurityWeek

NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data

The lotusbail NPM package steals WhatsApp credentials, messages, and contacts, and provides persistent access to the victims’ accounts.

What to know so far about the Justice Department’s release of Epstein files — and what questions remain

The Justice Department’s release of thousands of documents and pictures related to investigations into Jeffrey Epstein on Friday was highly anticipated and provided a glimpse into the life of the late ...

Malicious npm package steals WhatsApp accounts and messages

A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal ...
PCMag

Uninstall Now: These Chrome Browser Extensions Are Stealing AI Chat Logs

According to cybersecurity firm Koi, Urban VPN Proxy and three other popular browser extensions with 8 million+ installs can see conversations you've had with the top chatbots in 'raw form.' ...
GitHub

OAuth 2 / OpenID Connect Client API for JavaScript Runtimes

openid-client simplifies integration with authorization servers by providing easy-to-use APIs for the most common authentication and authorization flows, including OAuth 2 and OpenID Connect. It is ...