On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...

TP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that may allow ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Claude Code 2.1.88 leak exposed 512,000 lines via npm error, fueling supply chain risks and typosquatting attacks.

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU ...

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

Landmark decision by CHMP grants approval for self or caregiver administration for patients living with multiple myeloma1 ...

How can an extension change hands with no oversight?

What happens when researchers think outside the box? Data gets exfiltrated through DNS.

Anthropic's Claude Code source has leaked via a packaging error, exposing anti-distillation traps, an undercover mode, and ...