The Hacker News

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...
Tech Times

API Key Leak Exposes AWS, Stripe, OpenAI Credentials Across Thousands of Sites

Researchers found thousands of exposed API keys across 10 million webpages, including AWS, Stripe, and OpenAI credentials left vulnerable in public code.
The Hacker News

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

"The C2 hosts a web-based graphical user interface (GUI) titled 'NEXUS Listener' that can be used to view stolen information ...
IT-Online

Senior Software Developer (AWS, TypeScript, JavaScript, Node.js) – Johannesburg / Cape Town (Hybrid) – Western Cape Cape Town

A global leader in safety and industrial technology is driving the next generation of cloud-based IoT solutions, connecting industrial systems, sensors, and devices into scalable, real-time platforms.
Bleeping Computer

AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency wallet addresses entered on ...
Des Moines Register

Sentry Interactive’s SDK enables mass enrollment of PKOC credentials

Enterprises deploying mobile and physical access credentials will soon be able to enroll them at scale using open standards. PKOC credentials are designed to be non-proprietary, hardware-agnostic, and ...