Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

I keep reaching for my phone, and it’s not for scrolling.

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...

TeamPCP strikes again, with almost identical code to LiteLLM.

Explore Homebrew Statistics to uncover key usage trends, installs, and growth insights that help developers make smarter ...

Anthropic exposed Claude Code source on npm, revealing internal architecture, hidden features, model codenames, and fresh ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...