There are plenty of drones (and other gadgets) you can buy online that use proprietary control protocols. Of course, ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

How I used Gemini to replace YouTube's missing comment alerts - in under an hour ...

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

Crypto users are facing a new security threat via fake Cloudflare CAPTCHA pages. The attack installs an infostealer built to ...

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler.

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...

Axios，npm 上周下载量过亿的 HTTP 客户端，被朝鲜黑客植入了远控木马。 而这一天，恰好也是 Claude Code 源码泄露的同一天。3 月 31 日和愚人节的 npm 生态，属实是热闹了。 3 月 31 日 00:21 UTC，有人用 ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...