A New Attack Lets Hackers Steal 2-Factor Authentication Codes From Android Phones

Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, ...
The Hacker News

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with ...

"We understand the inconvenience and concern this may cause."

Discord users may have had their government ID photos compromised following a cyber attack on one of its "third-party vendors ...

This Discord feature you barely noticed could now be your biggest privacy risk

While Discord says its main platform wasn’t directly compromised, the incident raises serious privacy concerns.
NBC News

Netanyahu: 'Much of the world no longer remembers October 7'

During his remarks at the United Nations General Assembly, Israeli Prime Minister Benjamin Netanyahu claimed that "much of the world no longer remembers October 7" and donned a QR code pin that would ...
GitHub

Add support for VS Code's Azure DevOps Codespaces Auth extension

This is a follow up of #527. When using Visual Studio Code with GitHub Codespaces connected to Azure DevOps, the ADO Codespaces Auth Extension adds a helper script called ado-auth-helper in the user's ...
Bleeping Computer

NPM package caught using QR Code to fetch cookie-stealing malware

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...
GitHub

C2PA JavaScript SDK (legacy)

The packages in this monorepo are now deprecated. Implementors wishing to interact with C2PA data on the web should use our new libraries instead. This library aims to make viewing and verifying C2PA ...