The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency wallet addresses entered on ...

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...

Claude Code Source Code Leak Anthropic: Analysts believe the leak could impact the company’s reputation, especially as it is ...

Anthropic is fitting its Claude Code AI-powered coding assistant with an auto mode for the Claude AI assistant to handle ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building ...

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North ...

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...