On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

I’ve used plenty, but this one rewired my daily workflow.

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

I’ve tried to make Linux my daily OS, but I keep coming back to Windows. Here’s what still pulls me back, even when Linux ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...

A practical, hands-on guide to navigating deepfake technology and reducing the risks it poses to your business.

On March 19, 2026, a threat actor known as TeamPCP compromised Aqua Security’s Trivy vulnerability scanner – the most widely adopted open-source scanner in the cloud-native ecosystem. The attacker ...

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

In addition to rolling out patches to address two zero-days affecting SQL Server and .NET, Microsoft introduced Common Log File System hardening with signature verification.