Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

In 2025, Google fixed a total of eight zero-days exploited in the wild, many of which were discovered and reported by ...

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...

Hackers target GitHub developers with fake VS Code alerts and CVEs, using malicious links to steal data and deliver malware.

If you're avoiding iOS 26, you still need protection. Apple is releasing a rare backported iOS 18 update to defend against ...

Thirty years of bad decisions finally caught up with your Task Manager ...

Does this sound like you? Women over 50 spend billions of dollars on skin care each year, hoping for the best. Unfortunately, ...

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.

Google has confirmed an emergency Chrome security update amid reports that attackers are exploiting two zero-day ...