Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Almost a dozen malicious npm packages, delivering dangerous infostealing malware, were downloaded roughly 10,000 times before ...
GitHub

Bug: Prowler API Fails Token Generation and UI Login on Fresh Self-Host Deployment (Missing RSA Keys)

Wait for all containers (api, ui, postgres, valkey) to start. Open http://localhost:3000 and attempt to register a new user from the UI. Try to log in with that same ...
GitHub

[Bug] MSAL Library not clearing the user access token from the iOS keychain upon calling RemoveAsync

In a .NET MAUI iOS application, calling RemoveAsync() on an account does not properly remove all associated tokens from the iOS keychain. While the method executes ...
The Hacker News

SaaS Breaches Start with Tokens - What Security Teams Must Watch

Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks. Most companies in 2025 ...
The Hacker News

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, ...
TechCrunch

Sam Altman says ChatGPT has hit 800M weekly active users

OpenAI CEO Sam Altman said Monday that ChatGPT has reached 800 million weekly active users, marking an increase of adoption among consumers, developers, enterprises, and governments. “Today, 4 million ...