In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...
Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
OpenAI confirmed on Wednesday that it found no evidence suggesting user data was compromised following a security incident ...
Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...
OpenAI is telling every Mac user running its ChatGPT or Codex desktop app to update right now. The urgency traces back to a ...
Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...
Admins with Dynamics 365 on-prem should also take note of a “severe” vulnerability that allows remote code execution.
A 13-block chain reorganization on LTC late Friday and Saturday rewound roughly 32 minutes of network activity after attackers used a vulnerability in its Mimblewimble Extension Block (MWEB) ...