Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
A widely used JavaScript package used with hundreds of millions of downloads has been compromised in a new supply chain ...
Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
20d
ThreatDown Uncovers First Cyber Attack Abusing Deno JavaScript Runtime for Fileless Malware Delivery
ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...
DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple ...
Fake CAPTCHA pages can install the StealC infostealer. Don't paste or run commands; disconnect and change passwords.
Allen Institute for AI, a prominent Seattle-based nonprofit research organization working on advancing artificial ...
OX Security reported a phishing campaign targeting developers using OpenClaw's name to lure victims into a fake site for ...
This week, the AppsFlyer SDK breach, JPMorgan sued over ties to a Ponzi scheme, the OFAC sanctioned a network tied to North ...
Google Threat Intelligence Group (GTIG), Lookout Threat Labs, and iVerify published coordinated research in March 2026 on ...
XDA Developers on MSN
Google kept featuring this Chrome extension for months after it turned malicious
How can an extension change hands with no oversight?
A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results