AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

John Solly Is the DOGE Operative Accused of Planning to Take Social Security Data to His New Job

A whistleblower complaint alleges John Solly claimed to have stored highly sensitive Social Security data on a thumb drive. Solly and Leidos, his current employer, strongly deny the allegations.
Decrypt

Android Phone Crypto Wallets Could Be at Risk Due to MediaTek Exploit: Ledger

A vulnerability in some MediaTek-powered phones could allow attackers to extract encrypted data, including wallet seed phrases, using only a USB connection.

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.