Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

Proprietary warehouses delivered scale — but at the cost of control, predictable pricing, and real flexibility. Enterprises are doing the math.

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

OpenAI has launched a plugin marketplace for Codex with over 20 integrations from Slack, Figma, and Notion, adding enterprise ...

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...

写在最前面，2月28日通义实验室AgentScope团队发布了自研的独立部署开源桌面Agent工具：CoPawhttps://copaw.agentscope.io/CoPaw是整体架构上类似openclaw的工具，用的agentscope框架搭建， ...