Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

I’ve tried to make Linux my daily OS, but I keep coming back to Windows. Here’s what still pulls me back, even when Linux ...

Chainguard is racing to fix trust in AI-built software - here's how ...

AI is burying open source maintainers under a flood of automated security reports they don't have the time or tools to ...

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...

Supply chain attacks feel like they're becoming more and more common.

GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

In addition to rolling out patches to address two zero-days affecting SQL Server and .NET, Microsoft introduced Common Log File System hardening with signature verification.