SecurityWeek

NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data

The lotusbail NPM package steals WhatsApp credentials, messages, and contacts, and provides persistent access to the victims’ accounts.

Malicious extensions in Chrome Web store steal user credentials

Two Chrome extensions in the Web Store named 'Phantom Shuttle' are posing as plugins for a proxy service to hijack user ...
InfoWorld

WhatsApp API worked exactly as promised, and stole everything

Malicious npm package posing as a WhatsApp Web API library operated for months as a functional dependency while stealing ...

How OpenAI is defending ChatGPT Atlas from attacks now - and why safety's not guaranteed

An 'automated attacker' mimics the actions of human hackers to test the browser's defenses against prompt injection attacks. But there's a catch.

Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...

Anthropic Releases New Open-Source Tool That Evaluates How AI Models Behave

Dubbed Bloom, the AI tool creates a series of scenarios to test an AI model for a particular behavioural trait.
WinBuzzer

OpenAI Deploys Automated ‘Attacker’ to Harden Atlas Browser, Admits Prompt Injection Is ‘Unsolved’

OpenAI has deployed a new automated security testing system for ChatGPT Atlas, but has also conceded that prompt injection ...