Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

Bubble AI app builder abused to steal Microsoft account credentials

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building ...
Security Boulevard

Google Says North Korea Was Behind the Axios npm Supply Chain Attack

A supply chain compromise involving the widely used JavaScript package Axios is now being tied to a North Korea-linked threat ...

The countries that have social media bans, or are planning to implement one

It's been four months since Australia banned under-16s from using social media, and ever since, a growing number of countries ...

Supply chain attack hits Axios npm releases, users urged to rotate keys

Two malicious Axios npm releases have prompted warnings for developers to rotate credentials and treat affected systems as ...
Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...

Supply chain attack hits 300 million-download Axios npm package

A widely used JavaScript package used with hundreds of millions of downloads has been compromised in a new supply chain ...
Nextgov

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will ...
The Hacker News

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

Google Ads malvertising spreads ScreenConnect malware using Huawei driver flaw, enabling EDR bypass and credential theft in U ...
LGBTQ NationOpinion

Ken Paxton told therapists to stop affirming trans patients. Here’s why they shouldn’t listen.

And it’s working. Farrani said frantic mental health care providers have reached out to Equality Texas to ask whether they ...
AARP

Demand Surges for Meals on Wheels, a Lifeline for Low-Income Older People

Rising demand and higher costs force some Meals on Wheels programs to pause enrollment or create waitlists. Older adults rely ...
The Hacker News

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple ...