The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...

A widely used JavaScript package used with hundreds of millions of downloads has been compromised in a new supply chain ...

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

The launch of Moltbook, a social network for AI agents, will go down as the most intriguing mass agentic AI experiment we’ve ...

There is currently an attack wave targeting devices with older iOS versions. Apple has commented on the effectiveness of a security feature in this context.

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.

JFrog reports Telnyx PyPI package was poisoned with malware by TeamPCP Malicious update delivered hidden .wav payload that ...

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...

A large-scale phishing campaign is currently targeting developers via GitHub. Attackers are exploiting the Discussions feature to spread fake security ...

Australians are being targeted by evolving and changing scam techniques which are being used to steal crypto and cash, ...

The Uranium Finance indictment carries potential prison time of up to 30 years for fraud and money laundering counts.