Poisoned WhatsApp API package steals messages and accounts

A malicious npm package with more than 56,000 downloads masquerades as a working WhatsApp Web API library, and then it steals ...
Opinion

China, Iran are having a field day with React2Shell, Google warns

At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking the React2Shell, a maximum-severity flaw in the widely used React JavaScript library, ...