Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...
How-To Geek on MSN

I ditched modern file transfer apps for a 25-year-old FTP client—here's why

You don't need to upload files to the cloud just to access them on your other devices.
ClickOnDetroit

Dearborn man had 35,002 possible child sex abuse files, feds say

A computer linked to a Dearborn man showed signs of an enormous stash of suspected child sexually abusive material: 35,002 ...
ClickOnDetroit

Dearborn man linked to 35,002 possible child sex abuse files. How FBI says they tracked him down

A Dearborn man is accused of being linked to thousands of possible child sex abuse files. The FBI explained how they tracked ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Critical Marimo pre-auth RCE flaw now under active exploitation

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...
Bleeping Computer

Aura confirms data breach exposing 900,000 marketing contacts

Identity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 records containing names and email addresses. The company states that the incident was caused ...

Malware on npm: HTTP client axios loads backdoor for Windows, macOS, and Linux

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...
The Hacker News

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...