Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
The open-source database RxDB 17 now synchronizes data directly via Google Drive or OneDrive – developers no longer need ...
The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will ...
A widely used JavaScript package used with hundreds of millions of downloads has been compromised in a new supply chain ...
It's been four months since Australia banned under-16s from using social media, and ever since, a growing number of countries ...
Computer security boffins have conducted an analysis of 10 million websites and found almost 2,000 API credentials strewn across 10,000 webpages.
The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...
Axios, a widely used JavaScript HTTP client, was briefly distributed through npm in two malicious versions after a maintainer account was taken over. Security r ...
A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack ...
Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building ...
DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results