UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North ...
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
A supply chain compromise involving the widely used JavaScript package Axios is now being tied to a North Korea-linked threat actor, turning what already looked like a serious open-source incident ...
7d
In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should take now
Gartner issued a same-day advisory after Anthropic leaked Claude Code's full architecture. CrowdStrike CTO Elia Zaitsev and ...
The open-source database RxDB 17 now synchronizes data directly via Google Drive or OneDrive – developers no longer need ...
In-house software built in March with open-source components may include malware placed there by criminals. This isn’t a ...
EmDash, the secure serverless CMS successor to WordPress, fixes plugin risks and empowers global publishing in the AI era.
Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
A threat actor has used 36 malicious NPM packages posing as Strapi plugins to distribute malware targeting Redis, Docker, and ...
PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results