CES 2026: Qualcomm Unveils Snapdragon X2 Plus for Copilot+ PCs
The Snapdragon X2 Plus SoC follows the Snapdragon X2 Elite, launching just four months after its debut. Devamını Oku
Claim That Any Phone Can Be Tracked via Google Maps by Email Is False
A viral claim suggesting that anyone can locate a mobile phone simply by emailing Google and using a phone number is inaccurate and misleading, cybersecurity experts say.
Posts circulating online allege that sending an email through Gmail to a specific address can trigger Google Maps to reveal a device’s location, even without internet access. Google does not offer any such service, and there is no official mechanism that allows location tracking of a phone solely via an email request or partial phone number.
Legitimate phone-tracking tools require explicit user consent and account access, such as Google’s “Find My Device” for Android or Apple’s “Find My” for iPhone. These services work only when users are logged in and have location sharing enabled.
Security specialists warn that messages promoting email-based tracking may be linked to scams or data-harvesting attempts. Users who follow such instructions could expose personal information without gaining any real tracking capability.
Authorities and privacy advocates stress that tracking a phone without permission is illegal in many countries. Users are advised to rely only on official tools provided by device makers and to report misleading claims that promise effortless or universal phone tracking.
More Than 56,000 WhatsApp Accounts Exposed by Malicious npm Package
A malicious package hosted on Node Package Manager (npm) has compromised more than 56,000 downloads by posing as a legitimate WhatsApp Web API library, allowing attackers to secretly access messages, media files, contacts and session credentials.
The package, identified by cybersecurity firm Koi Security, was published under the name lotusbail and masqueraded as a fork of the popular WhatsApp Web automation library WhiskeySockets Baileys, commonly used by developers to build bots.
According to researchers, the malware intercepts all incoming and outgoing messages by hijacking the legitimate WebSocket connection used by WhatsApp Web. It silently copies authentication tokens and session keys, while normal app functionality continues, making the attack difficult to detect.
Stolen data is encrypted using a custom RSA implementation before being exfiltrated, helping the malware evade network monitoring tools. The package also includes functionality to secretly link an attacker’s device to a victim’s WhatsApp account, granting persistent access to conversations.
Security experts warn that uninstalling the npm package removes the malicious code but does not automatically unlink the attacker’s device. Users are advised to manually review and remove unknown linked devices in WhatsApp’s settings to fully secure their accounts.