Crypto Briefing

Anthropic’s Claude Code leak reveals autonomous agent tools and unreleased models

Anthropic exposed Claude Code source on npm, revealing internal architecture, hidden features, model codenames, and fresh ...
Cybernews

Code trust crisis: Is it safe to update your system during an active supply chain attack?

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...
Cybernews

Critical compromise: Axios NPM library with 100M weekly downloads is delivering malware

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
WinBuzzer

OpenAI Launches Plugin Marketplace for Codex with Enterprise Controls

OpenAI has launched a plugin marketplace for Codex with over 20 integrations from Slack, Figma, and Notion, adding enterprise ...
Techzine Europe

Axios npm package compromised, posing a new supply chain threat

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...
Windows Latest

Microsoft to upgrade Windows Subsystem for Linux (WSL) with faster file access, better ...

Microsoft plans major WSL improvements in Windows 11 2026, with faster file performance, better networking, and easier setup ...
Cryptopolitan on MSN

Axios supply chain attack raises risk to crypto wallets

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

H33 Launches HICS for Free: The First Trust-less Software Scoring Tool with Post Quantum ...

Free cryptographically verified code quality scoring for software procurement. The best software wins. Not the best ...

Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines

The attackers swapped the account's email address for an anonymous ProtonMail inbox and pushed the infected packages manually ...