On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

Claude Code 2.1.88 leak exposed 512,000 lines via npm error, fueling supply chain risks and typosquatting attacks.

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU and invocation charges ...

What happens when researchers think outside the box? Data gets exfiltrated through DNS.

Anthropic's Claude Code source has leaked via a packaging error, exposing anti-distillation traps, an undercover mode, and ...

A Grafana AI flaw enables zero-click data exfiltration by hiding malicious prompts in URLs, said a Noma Security report.

Amgen (NASDAQ: AMGN) today announced positive topline results from a Phase 3 trial of TEPEZZA (teprotumumab-trbw) administered by subcutaneous injection via an on-body injector (OBI) in participants ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...