The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, ...

Spread the loveIn a chilling reminder of the vulnerabilities inherent in open source software, two significant supply chain attacks occurred in March 2026, targeting widely used tools that affect a ...

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware ...

CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.

Phishing surge, LinkedIn tracking claims, spyware use, and rising stealers expose growing abuse of trusted systems.

Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

Google Threat Intelligence Group warns of active supply chain attack on npm’s Axios library Malicious dependency ...

Spread the loveIn a worrying development for the cybersecurity landscape, North Korean hackers have successfully infiltrated the widely-used Axios NPM package, introducing backdoored versions of the ...

An Anthropic employee accidentally leaked the source code for one of the most popular Artificial Intelligence (AI) assistants ...