Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Fake CAPTCHA pages can install the StealC infostealer. Don't paste or run commands; disconnect and change passwords.

Vauxhall has completed the electrified line-up for its flagship Grandland SUV with the arrival of a plug-in hybrid model.

A leaked hacking tool called DarkSword could expose older iPhones and iPads to attacks through malicious links and ...

Google has issued an update alert for 3.5 billion Chrome browser users following confirmation of a new zero-day attack exploit.

Overview On March 31, NSFOCUS CERT detected that the npm repository of the HTTP client library Axios was poisoned by the supply chain. The attacker bypassed the normal GitHub Actions CI/CD pipeline of ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...

LeakNet may be expanding its reach and scaling up, changing techniques and running campaigns directly, but the ransomware operator’s use of a repeatable post-exploitation sequence gives defenders a ...

The quake struck in the Molucca Sea, with warnings of possible tsunami waves in Indonesia, Philippines and Malaysia.

Active exploits, nation-state campaigns, fresh arrests, and critical CVEs — this week's cybersecurity recap has it all.

Two landmark trials this week and two losses for social media giants. In the Los Angeles case, a jury found Meta and YouTube, which is owned by Google, negligent for designing apps that harmed kids ...