Supply chain attacks feel like they're becoming more and more common.

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

OpenClaw, an open-source AI agent with a red lobster logo, has sparked a nationwide craze in China in early 2026.Unlike ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

I’ve used plenty, but this one rewired my daily workflow.

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

A threat actor has used 36 malicious NPM packages posing as Strapi plugins to distribute malware targeting Redis, Docker, and ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

OpenAI announced they are extending the Responses API to make it easier for developer to build agentic workflows, adding ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...