Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...

Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no ...

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

LinkedIn is facing two lawsuits over its practice of scanning users’ browsers to determine which extensions they’re running.

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

EmDash, the secure serverless CMS successor to WordPress, fixes plugin risks and empowers global publishing in the AI era.

USB flash drives are portable data storage options that allow users to store and move files between computers and other devices. Unintentional deletions, virus assaults, formatting errors, or system ...

According to Socket, the extensions (complete list here) are published under five distinct publisher identities – Yana ...

A data breach at the city attorney's office led to a massive cache of LAPD files being dumped online. Here's what we know ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...