A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

International cybersecurity firms had been tracking a sophisticated malware strain called PXA Stealers for months, tracing it ...

A newly discovered attack sandbags Apple users into hacking themselves. Here’s what all Mac users need to know.

A newly documented BlankGrabber infection chain is using a bogus “certificate” loader to disguise a multi-stage Windows compromise, adding another layer of deception to a commodity stealer already ...

TeamPCP strikes again, with almost identical code to LiteLLM.

A newly discovered attack sandbags Apple users into hacking themselves. Here’s what all Mac users need to know.

An incident of LinkedIn malware means jobseekers and employers need to take more care with their applications and ...

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to ...

Socket uncovers large-scale GitHub spam campaign abusing “Discussions” notifications Fake advisories with bogus CVEs trick ...

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...