MediaTek patches bug enabling crypto seed theft in just 45 seconds

Crypto wallet company Ledger said one in four Android users were once at risk of having their wallet seed phrases stolen due to a MediaTek vulnerability affecting certain Android phones.

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.