Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
Windows Report

Axios Hack Bypasses GitHub Protections and Installs Hidden Malware on Systems

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through ...

Supply chain attack hits 100 million-download Axios npm package

�� CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest [email protected] now pulls ...
The Hacker News

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.

The murky question and answers on whether India is still meddling in Canada continue

The good news is that agents of India are no longer involved in crimes against Canadians. Or maybe they are. From what the ...
The Hacker News

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple ...

DarkSword iOS exploit chain adopted by multiple threat actors: Report

Google Threat Intelligence Group (GTIG), Lookout Threat Labs, and iVerify published coordinated research in March 2026 on ...
Infosecurity Magazine

Crypto Scam "ShieldGuard" Dismantled After Malware Discovery

A cryptocurrency scam known as "ShieldGuard" has been dismantled after researchers identified it as a malicious browser ...
Techzine Europe

GlassWorm malware surfaces in development environments

A large-scale GlassWorm malware campaign targeting developer platforms appears to be significantly more extensive and ...
CSOonline

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace checks and silently installing malware onto developers’ systems. Threat ...