The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
Cybernews

Critical compromise: Axios NPM library with 100M weekly downloads is delivering malware

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...
CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
The Hacker News

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...
Variety

Paramount President Jeff Shell Sued for $150 Million Over Alleged PR Contract

Jeff Shell, the president of Paramount Skydance, was sued Monday by a man who claims he is owed $150 million for crisis communications services and for Shell’s refusal to help produce a TV show. The ...
London South East

Shell to sell Jiffy Lube and Premium Velocity for over USD1 billion

(Alliance News) - Shell PLC on Monday announced a US subsidiary's agreement to sell Jiffy Lube International, and its Premium Velocity Auto LLC business, to a Monomoy Capital Partners affiliate for ...
Techzine Europe

Axios npm package compromised, posing a new supply chain threat

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...
PC World

Installing an AI assistant on your PC? 5 do’s and don’ts

PCWorld examines essential safety practices for new personal AI assistants like Claude Cowork and Perplexity’s Personal Computer that offer extensive desktop control capabilities. These AI tools can ...