SecurityWeek

NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data

The lotusbail NPM package steals WhatsApp credentials, messages, and contacts, and provides persistent access to the victims’ accounts.

Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed

A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited ...
InfoQ

Nuxt Introduces Native Request Cancellation and Async Handler Extraction for Performance Gains

Nuxt 4.2 elevates the developer experience with native abort control for data fetching, improved error handling, and ...
InfoQ

Pinecone Introduces Dedicated Read Nodes in Public Preview for Predictable Vector Workloads

Pinecone recently announced the public preview of Dedicated Read Nodes (DRN), a new capacity mode for its vector database ...
The Hacker News

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

A malicious npm package posing as a WhatsApp API intercepts messages, steals credentials, and links attacker devices after 56 ...
CyberGuy

Pornhub hit by massive user data leak exposing 200 million records

Pornhub faces massive data leak as ShinyHunters claim 200 million records. What data was exposed, what stayed secure and how to stay safe.