The Hacker News

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

A malicious npm package posing as a WhatsApp API intercepts messages, steals credentials, and links attacker devices after 56 ...

New ‘GhostPairing’ Technique Enables Undetected WhatsApp Access

Researchers warn of a new WhatsApp “GhostPairing” attack that silently links attacker devices to accounts, enabling message ...

People Are Using Sora 2 to Make Disturbing Videos With AI-Generated Kids

Videos such as fake ads featuring AI children playing with vibrators or Jeffrey Epstein- and Diddy-themed play sets are being ...
SecurityWeek

NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data

The lotusbail NPM package steals WhatsApp credentials, messages, and contacts, and provides persistent access to the victims’ accounts.

'GhostPairing' attacks are taking over WhatsApp accounts

If you enjoyed this story, be sure to follow Lifehacker on MSN.

New cyber threat: This new message can hijack your WhatsApp account without OTPs, SIM swap; know about 'GhostPairing' attack, tips to protect yourself

The scam usually starts with a short, casual message that appears to come from someone the victim already knows and trusts.

New Year 2026 Scam Alert: This WhatsApp Greeting Could Wipe Your Bank Account

Cybercriminals can leverage this scam to steal your personal and banking data, compromise user privacy, and install malware ...