Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

Build your first fully functional, Java-based AI agent using familiar Spring conventions and built-in tools from Spring AI.

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

GL Communications Inc., a global provider of voice testing solutions, announces significant enhancements to its SIP testing platform, enabling high-load, secure and automated generation of voice, ...

Last week, something alarming happened in the world of software — and almost nobody outside the tech industry noticed. A ...

Infosecurity outlines key recommendations for CISOs and security teams to implement safeguards for AI-assisted coding ...