Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Claude extension flaw allowed zero click attacks, letting hackers inject commands and access sensitive user data.

Clinical trial data reviewed by NICE shows that semaglutide reduced the risk of serious cardiovascular events, including ...

Attacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are ...

This is GlassWorm: a software supply chain attack that security researchers are calling one of the most sophisticated and ...

The launch of Moltbook, a social network for AI agents, will go down as the most intriguing mass agentic AI experiment we’ve ...