During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

ShellGPT makes the terminal user-friendly, saving time by generating commands, automating scripts, and guiding me through tasks.

Supply chain attacks feel like they're becoming more and more common.

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Sure, you can try to read one of your favorite Outside Run stories while bombing down technical singletrack, but we wouldn’t recommend it. Our new article playlists, available exclusively to O+ ...

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...