Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

DNS text records and a PowerShell script is the latest absurd way someone has managed to get the iconic first-person shooter ...

Augmented Marauder targets Latin America and Europe since 2020, using dynamic PDF phishing to spread Casbaneiro via Horabot.

Windows 11 KB5086672 is now rolling out as an optional update with several notable improvements after March 2026 update ...

An AI pentesting tool has discovered critical vulnerabilities in default ImageMagick configurations. Workarounds offer ...

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...

The massive amount of junk code that hides the malware's logic from security scans was almost certainly generated by AI, ...

Attacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are ...

What's next, a literal potato? Oh yeah. Done that.

A recently released port of Doom can load into memory from Cloudflare without ever writing files to the disc. The project ...

Microsoft’s CA-2023 Secure Boot update broke PCs. Learn why UEFI firmware failed, how vendors reacted, and how to fix your boot issues.