Bleeping Computer

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. The campaign ...
PCMag

VPN Metadata Explained: What Your Provider Can and Can't See

VPNs encrypt your traffic, but they aren't blind to your activity. Here's the metadata your provider can see—and how to spot services that misuse it.

Switching to Tor Browser on Android turned out to be more useful than I expected

You can either connect manually (every time you open Tor Browser) or enable it to connect automatically by tapping the On/Off slider for "Always connect automatically" until it's in the On position.
PCMag

It Took Me Just 2 Hours to Vibe Code a Mass Surveillance Site With OpenAI's Codex

With zero coding skills, and in a disturbingly short time, I was able to assemble camera feeds from around the world into a ...
Microsoft

Malicious AI Assistant Extensions Harvest LLM Chat Histories

Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek. With nearly 900,000 installs and activity across more than 20,000 enterprise ...

2026 Browser Data Reveals Major Enterprise Security Blind Spots

The browser is becoming the operating system for modern work, yet many enterprises still treat it as an extension of network or endpoint security. Keep Aware's 2026 State of Browser Security Report ...