The Hacker News

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

A malicious npm package posing as a WhatsApp API intercepts messages, steals credentials, and links attacker devices after 56 ...
Morning Overview on MSN

“GhostPairing” could hijack WhatsApp. Here’s how to block it

GhostPairing is the kind of WhatsApp attack that feels unfair, because it skips the usual warning signs like one-time ...
The Hacker News

Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale

Android attackers use fake apps and droppers to spread the Wonderland SMS stealer, stealing OTPs, SMS data, and bank funds, ...
Dark Reading

Uzbek Users Under Attack by Android SMS Stealers

Telegram users in Uzbekistan are being targeted with Android SMS stealer malware, and what's worse, the attackers are ...
CSO Online

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Proofpoint has warned about phishing campaigns abusing legitimate device authorization flow to bypass MFA and gain persistent ...