The Axios Hack: How a single compromised account put millions of developers at risk

What makes this attack so unsettling is that all the hackers had to do was just steal the password of one of the axios maintainers.

AI finds critical ImageMagick vulnerabilities in default configurations

An AI pentesting tool has discovered critical vulnerabilities in default ImageMagick configurations. Workarounds offer ...
Security Boulevard

Stored XSS Bug Found in Jira Work Management

Collaboration platforms are central to modern enterprise workflows, handling everything from project tracking to internal ...
PCQuest

Chrome’s fourth zero-day of 2026 reveals a bigger browser security problem

Google patched Chrome zero-day CVE-2026-5281, but the bigger story is WebGPU risk and how modern browsers are starting to ...
GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
Microsoft

WhatsApp malware campaign delivers VBScript and MSI backdoors

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...
虎嗅网 on MSN

一条Claude Code 源代码的社会性死亡

出品|虎嗅科技组 作者|余杨 编辑|苗正卿 头图|视觉中国 3月31日消息, Claude Code 源代码发生泄露。 这个 59.8 MB 的 JavaScript 源映射文件,原本应用于内部调试,却被无意中包含在今天早上早些时候推送到公共 npm ...