InfoWorld

WhatsApp API worked exactly as promised, and stole everything

Malicious npm package posing as a WhatsApp Web API library operated for months as a functional dependency while stealing messages and maintaining persistence. Security researchers have uncovered a ...

Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...
Bleeping Computer

Fake WhatsApp developer libraries hide destructive data-wiping code

Two malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code that recursively deletes files on a developer's computers. Two malicious NPM ...