Popular web-code library poisoned by malicious release

'This is unironically a malware nuclear missile.' ...

Security study finds thousands of API credentials exposed on the web for years

Researchers scan 10 million websites and uncover thousands of exposed API keys quietly granting access to cloud systems and ...
ExtremeTech

Claude Code's Own Full Source Code Leaked

A simple human mistake has revealed all 500,000+ lines of code that make up Claude Code. How big a deal is that, really?
GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Apple expands iOS 18 updates to more iPhones to block DarkSword attacks

Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
Startup Fortune

North Korean Hackers Weaponize Axios Software to Target US Crypto Firms

North Korean hackers compromised the widely used Axios JavaScript library to infiltrate US companies and steal cryptocurrency ...
PCQuest

Chrome’s fourth zero-day of 2026 reveals a bigger browser security problem

Google patched Chrome zero-day CVE-2026-5281, but the bigger story is WebGPU risk and how modern browsers are starting to ...
iDrop News

Holding Out on iOS 26? Apple Just Pushed a Vital Security Patch for iOS 18

If you're avoiding iOS 26, you still need protection. Apple is releasing a rare backported iOS 18 update to defend against ...
diginomica

BrightEdge introduces AI Hyper Cube to help brands understand AI search. Here’s how it works

Trying to figure out how to get your brand to appear in AI search engines the right way? BrightEdge says its new AI Hyper ...
Arabian Post

Axios breach jolts software supply chains

The malicious releases were available for about three hours before they were removed, but the brevity of the window has done little to calm alarm because Axios is one of the most heavily used HTTP ...
Security Boulevard

Axios supply chain attack chops away at npm trust

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...