CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

How the Internet Became the ‘Cookbook’ of the Drug Trade

A baffling overdose death took investigators to the frontier of ultra-potent synthetic drugs. The clues were hauntingly ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Arabian Post

BlankGrabber cloaks theft with fake certificate

A newly documented BlankGrabber infection chain is using a bogus “certificate” loader to disguise a multi-stage Windows compromise, adding another layer of deception to a commodity stealer already ...

Arizona court sets May 20 execution for prisoner convicted of killing man by setting him on fire

A May 20 execution has been scheduled for an Arizona man convicted of murder for fatally setting a man on fire during a 2002 ...
PCMag

The Power of Plain English: Build Professional Apps With Base44

With the arrival of the Base44 vibe-coding platform, natural language could be the new language of software development.

I built a web page with OpenAI’s Codex in 5 minutes. Here’s how

PCWorld demonstrates how OpenAI’s Codex can generate a complete personal homepage in just 56 seconds using simple prompts and ...
The Hacker News

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...

OpenAI pulls the plug on Sora, the viral AI video app that sparked deepfake concerns

OpenAI is shutting down its social media app Sora, which went viral last fall as a place to share short-form videos generated ...
Security Boulevard

Which Came First: The System Prompt, or the RCE?

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...
The Hacker News

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...
Security Boulevard

That “job brief” on Google Forms could infect your device

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain.