Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...

Malicious extensions in Chrome Web store steal user credentials

Two Chrome extensions in the Web Store named 'Phantom Shuttle' are posing as plugins for a proxy service to hijack user ...

Malicious npm package steals WhatsApp accounts and messages

A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal ...
9to5Google

Honey accused of sketchy user data practices as more Chrome users uninstall [Video]

The popular PayPal-owned extension Honey has been under fire for the past year regarding sketchy tactics against online creators ...
InfoWorld

WhatsApp API worked exactly as promised, and stole everything

Malicious npm package posing as a WhatsApp Web API library operated for months as a functional dependency while stealing ...
CNET on MSN

Spotify Says It's Shutting Down Access to Site That Scraped Its Music Library

After a shadow library site claimed to have created a metadata archive of 99.6 percent of Spotify's music, the streaming service said it's shutting down accounts and creating safeguards to protect its ...

The easiest way to search the new Epstein files

Even if the DOJ dump is incomplete and heavily redacted, at least Jmail makes them easy to access—thanks to a familiar ...

Anna's Archive 'backed up' Spotify's massive catalogue to preserve online music

Anna's Archive made the metadata library immediately available for public download, and says it will release the rest of the ...