GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
The Hacker News

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...
SecurityWeek

CrewAI Vulnerabilities Expose Devices to Hacking

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

Hidden Token Cost of Using Markdown in Your AI Prompts & Workflows

Did you know formatting your AI prompts with Markdown drains your token limit? Learn how Markdown impacts LLM costs and how to optimize ...
The Hacker News

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...
Security Boulevard

AI Infrastructure LiteLLM Supply Chain Poisoning Alert

Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had ...
Techzine Europe

Axios npm package compromised, posing a new supply chain threat

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...

基于多模态交互的即时通讯应用反钓鱼技术研究——以2026年美国联合 ...

在数字化转型的深水区,即时通讯工具已从单纯的社交软件演变为承载关键基础设施运营、政府决策流转与军事指挥控制的重要节点。根据2026年3月24日美国联邦调查局(FBI)与网络安全和基础设施安全局(CISA)发布的联合公告显示,针对主流商业即时通讯应用的钓鱼攻击正在全球范围内蔓延。值得注意的是,此次攻击并未利用底层加密协议的数学缺陷,而是通过精心设计的社会工程学手段,绕过了端到端加密(E2EE)的防线 ...
The Del Norte Triplicate

Corrupted web cam show.

Cock trapped in every party there are just momentarily pull the tire lowering tool look bigger! Customer cam in it. Easy run this nursery? Gorgeous colors on those? Sacramento still had talent. From ...