NPM package caught using QR Code to fetch cookie-stealing malware

Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this ...

Family of Webster County teen exploited on Roblox sues the game for not safeguarding kids

The lawsuit alleges a Webster County teen was exploited on the gaming platform by a predator posing as a child and that Roblox failed to prevent it.

Automaker giant Stellantis confirms data breach after Salesforce hack

Automotive manufacturing giant Stellantis has confirmed that attackers stole some of its North American customers' data after ...
SecurityWeek

Salesforce AI Hack Enabled CRM Data Theft

Prompt injection has been leveraged alongside an expired domain to steal Salesforce data in an attack named ForcedLeak.
BeInCrypto

Web3 Social Media App UXLINK Reportedly Suffered A $11 Million Hack

UXLINK hack drains $11.3 million in assets, sparking sell-offs, token collapse, and urgent questions on trust and security.

Your passkeys could be vulnerable to attack, and everyone - including you - must act

When a clickjack attack managed to hijack a passkey authentication ceremony, were password managers really to blame? ZDNET's investigation reveals a more complicated answer.