On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

AI note-taking apps try to think for you, but NotebookLM works with your sources instead, making answers easier to trust and ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

Supply chain attacks feel like they're becoming more and more common.

If you're a cybersecurity enthusiast or ethical hacker who wants to learn more about building hacking tools, this book is for ...

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.

Credit: VentureBeat made with GPT-Image-1.5 on fal.ai Until recently, the practice of building AI agents has been a bit like training a long-distance runner with a thirty-second memory. Yes, you could ...

Editor's take: Microsoft is doubling down on its plan to turn Windows 11 into an "agentic AI" platform, and in the process seems determined to strip away the last bits of user agency left in the OS.

Send a note to Doug Wintemute, Kara Coleman Fields and our other editors. We read every email. By submitting this form, you agree to allow us to collect, store, and potentially publish your provided ...