Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.

Microsoft has released version 1.0 of its open-source Agent Framework, positioning it as the production-ready evolution of the project introduced in October 2025 by combining Semantic Kernel ...

AI chatbots make it possible for people who can’t code to build apps, sites and tools. But it’s decidedly problematic.

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

This shouldn’t work—but it absolutely does.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...

The stcrestclient package provides the stchttp ReST API library module. This allows simple function calls, nearly identical to those provided by StcPython.py, to be used to access TestCenter server ...

archinstall 4.0 replaces the curses interface with Textual, adds firewall and UKI support, and fundamentally modernizes the ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...