AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.
New Scientist

The 3 things you need to know about passwords, from a security expert

There are a few simple things you can do to make your digital life much more secure, says cybersecurity expert Jake Moore - follow these tips to tighten up your passwords ...