Windows Report

Axios Hack Bypasses GitHub Protections and Installs Hidden Malware on Systems

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through ...

Assail Launches Ares, the First Autonomous Red Team Platform Purpose-Built for the Modern Application Stack

Powered by a proprietary co-evolutionary training architecture, self-evolving AI agents autonomously discover and exploit vulnerabilities across APIs, mobile apps, and web applications -- teaching ...
SecurityWeek

TeamPCP Moves From OSS to AWS Environments

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

Pro-Iranian group claims credit for hack of FBI Director Kash Patel's personal account

A pro-Iranian hacking group is claiming to have hacked an account of FBI Director Kash Patel and has posted online what ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, worm-like malware across dozens of packages, security firms say. Named CanisterWorm ...
PCMag on MSN

Wi-Fi locked you out? Here's how to crack that network password

We're sure you have a good reason to get on that Wi-Fi network. Here are tricks to help you connect when you don't have login ...
Cybernews

Code trust crisis: Is it safe to update your system during an active supply chain attack?

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...
The Hacker News

$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

M stolen after six-month DPRK social engineering campaign began fall 2025, exposing Drift’s contributors and cloud assets.

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
CoinDesk

Galaxy Digital's testnet suffers hack but no client funds or information were compromised

Mike Novogratz’s crypto financial services firm said unauthorized access was limited to a segregated R&D workspace; trading ...