Researchers uncovered 27 malicious npm packages used over five months to host phishing pages that steal credentials from ...
Explore Infosecurity Magazine’s most-read cybersecurity stories of 2025, from major vendor shake-ups and zero-day exploits to AI-driven threats and supply chain attacks ...
In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure – were found by security ...
Discover the top seven penetration testing tools essential for enterprises in 2025 to enhance security, reduce risks, and ensure compliance in an evolving cyber landscape. Learn about their core ...
Infosecurity has selected five of the most significant vulnerability exploitation campaigns of 2025 that led to major ...
The human layer is one of the most vulnerable when it comes to crypto security, but authentication, hardware wallets, automation and strict verification habits are key to reducing risk.
The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote ...
A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account.
December 2025 was a brutal reality check for security teams. While most were winding down for the holidays, threat actors weaponized a tectonic shift in the landscape, headlined by the...
Researchers disclosed a HashJack attack that manipulates AI browsers. Cato CTRL examined Comet, Copilot for Edge, and Gemini for Chrome. The attack could lead to data theft, phishing, and malware downloads.
Open WebUI, an open-source, self-hosted web interface for interacting with local or remote AI language models, carried a high ...
The lotusbail NPM package steals WhatsApp credentials, messages, and contacts, and provides persistent access to the victims’ accounts.