Android mental health apps with 14.7M installs filled with security flaws

Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users' sensitive medical information.
SecurityWeek

Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

Vulnerabilities in PDF platforms from Foxit and Apryse could have been exploited for account takeover, data exfiltration, and other attacks.
Infosecurity Magazine

Researchers Reveal Six New OpenClaw Vulnerabilities

OpenClaw has patched six new vulnerabilities in its popular agentic AI assistant, covering server-side request forgery (SSRF) ...
SecurityWeek

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
InfoWorld

New npm worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.