Poisoned WhatsApp API package steals messages and accounts

A malicious npm package with more than 56,000 downloads masquerades as a working WhatsApp Web API library, and then it steals ...

Worrying WhatsApp attack can steal messages and even accounts - here's how to stay safe from "poisoned" attack

The malicious fork, named ‘lotusbail’ has all the same functionality as the legitimate project, but it also steals WhatsApp authentication tokens and session keys. Furthermore, it intercepts and ...

Yet another phishing campaign impersonates trusted Google services - here's what we know

Legitimate Google services are, once again, being abused in phishing attacks, successfully tricking targets into clicking ...
Security Boulevard

Client ID Metadata Documents (CIMD): The Future of MCP Authentication

Struggling with MCP authentication? The November 2025 spec just changed everything. CIMD replaces DCR's complexity with a simple URL-based approach—no registration endpoints, no client ID sprawl, ...