Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

If there’s one universal experience with AI-powered code development tools, it’s how they feel like magic until they don’t. One moment, you’re watching an AI agent slurp up your codebase and deliver a ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain.

A newly documented BlankGrabber infection chain is using a bogus “certificate” loader to disguise a multi-stage Windows compromise, adding another layer of deception to a commodity stealer already ...

Learn the five core elements shaping intelligent automation in 2026, from orchestration and event-driven data flows to ...

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...