Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

Build your first fully functional, Java-based AI agent using familiar Spring conventions and built-in tools from Spring AI.

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

GL Communications Inc., a global provider of voice testing solutions, announces significant enhancements to its SIP testing platform, enabling high-load, secure and automated generation of voice, ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...