On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

A newly discovered attack sandbags Apple users into hacking themselves. Here’s what all Mac users need to know.

We ventured into dangerous waters for some underwater metal detecting, but what we didn’t expect was to be surrounded by crocodiles and a massive python. This video takes you into the wild, where we ...

A newly discovered attack sandbags Apple users into hacking themselves. Here’s what all Mac users need to know.

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Learn how to detect compromise, assess your exposure to the LiteLLM supply chain attack, and use GitGuardian to orchestrate ...

Venom Stealer is a new malware-as-a-service tool using ClickFix scams to steal credentials, hijack sessions and automate ...

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...