Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Cloudflare's Open-Source CMS: EmDash challenges WordPress

EmDash is a new content management system based on TypeScript and Astro. Plug-ins are intended to run securely within a ...

Claude Code unintentionally open source: Source map reveals all

The source code of Anthropic's CLI tool Claude Code was accidentally made publicly accessible via a source map in the npm ...

Popular web-code library poisoned by malicious release

'This is unironically a malware nuclear missile.' ...

PolyShell attacks target 56% of all vulnerable Magento stores

Attacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are ...

Claude code leak explained: What Anthropic accidentally revealed

Anthropic accidentally leaked key details of its AI tool Claude Code.

DarkSword leak puts millions of iPhone users at risk

A leaked hacking tool called DarkSword could expose older iPhones and iPads to attacks through malicious links and ...

Claude Code's source code appears to have leaked: here's what we know

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...

Nestle says thieves stole 12 tons of KitKat chocolate bars

"We've always encouraged people to have a break with KitKat," the company said, "but it seems thieves have taken the message too literally." ...

AI researchers are coming: What will happen to science?

A fully automated AI researcher has produced a paper that meets scientific standards. This could accelerate scientific ...