A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, worm-like malware across dozens of packages, security firms say. Named CanisterWorm ...

The post Why Your AI Girlfriend is a Privacy Time Bomb: 150M Users at Risk appeared first on Android Headlines.

A new security report on AI companion apps is drawing attention because it arrives as an identity protection company is dealing with a data exposure incident.

Identity security firm Aura confirms the breach was due to a “targeted phone phishing attack” – and the hackers only needed one hour of access.

Security researchers have discovered DarkSword, a sophisticated exploit chain targeting iOS 18.4 through 18.7.2. Unlike past spyware aimed at high-profile targets, DarkSword is being surreptitiously ...

Security researchers say a phishing scam impersonates Google to install malware that steals 2FA codes, tracks location and ...

The good news is you don’t need special access to use a solid password manager. Several services offer free plans, and others have paid tiers that cost far less than you might expect. If you want to ...

Researchers identified nearly 10,000 websites where API keys could be found, exposing details that could let attackers access ...

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Discord’s reversal followed a widespread user backlash, which also intensified scrutiny of the platform’s age-check partners. Suddenly, these often-overlooked players in the “age-assurance” ecosystem ...

The infostealer uses a first‑seen‑in‑the‑wild debugging method to extract Chrome’s decryption key without privilege escalation, raising concerns about the future of browser data security.