Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

Supply chain attacks feel like they're becoming more and more common.

Gesture control robotics replaces traditional buttons and joysticks with natural hand movements. This approach improves user ...

Espressif Systems released the ESP-IDF v6.0 framework a few days ago with stable support for ESP32-C5 and ESP32-C61 SoCs, as ...

So, you want to get into Python coding online, huh? It’s a pretty popular language, and luckily, there are tons of tools out ...

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.