5 matches found
Malicious code in @budetzz/libsignal-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c2dbcccc761971dfc5f844f59f362fe32ee1e0b9a3cd91ddd4fc87be5c8b013a The package is published under the name @budetzz/libsignal-node, impersonating the well-known libsignal Signal-protocol library, but the homepage and...
CVE-2026-35589
nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking CSWSH vulnerability exists in the bridge's WebSocket server in bridge/src/server.ts, resulting from an incomplete remediation of CVE-2026-2577. The original fix changed the binding from 0.0.0.0 to...
Pre-Installed Malware on Cheap Android Phones Steals Crypto via Fake WhatsApp
Cheap Android phones with preinstalled malware use fake apps like WhatsApp to hijack crypto transactions and steal wallet recovery phrases...
Fake Netflix app on Play Store caught hijacking WhatsApp sessions
By Deeba Ahmed Google has removed FlixOnline, a fake Netflix app for deploying wormable malware targeting WhatsApp users. This is a post from HackRead.com Read the original post: Fake Netflix app on Play Store caught hijacking WhatsApp sessions...
Just Answering A Video Call Could Compromise Your WhatsApp Account
What if just receiving a video call on WhatsApp could hack your smartphone? This sounds filmy, but Google Project Zero security researcher Natalie Silvanovich found a critical vulnerability in WhatsApp messenger that could have allowed hackers to remotely take full control of your WhatsApp just b...