Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

OpenAI announced they are extending the Responses API to make it easier for developer to build agentic workflows, adding ...

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...

Nigeria consistently ranks among the world’s top flaring nations, joining Russia, Iran, Iraq, and the US to account for more ...

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...

On March 19, 2026, a threat actor known as TeamPCP compromised Aqua Security’s Trivy vulnerability scanner – the most widely adopted open-source scanner in the cloud-native ecosystem. The attacker ...

AI is burying open source maintainers under a flood of automated security reports they don't have the time or tools to ...

NVIDIA NemoClaw adds OpenShell sandbox monitoring and strict policies to secure OpenClaw agents, but setup on Brev is ...

Chainguard is racing to fix trust in AI-built software - here's how ...

Why send your data to the cloud when your PC can do it better?