On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

I’ve used plenty, but this one rewired my daily workflow.

There are plenty of drones (and other gadgets) you can buy online that use proprietary control protocols. Of course, ...

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

I’ve tried to make Linux my daily OS, but I keep coming back to Windows. Here’s what still pulls me back, even when Linux ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software ...

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

AI is burying open source maintainers under a flood of automated security reports they don't have the time or tools to ...

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...