Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
Dark ReadingOpinion

Source Code Leaks Highlight Lack of Supply Chain Oversight

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

Claude Code Source Code Leak: Did Anthropic reveal its secret AI models? What it means for developers and users

Claude Code Source Code Leak Anthropic: Analysts believe the leak could impact the company’s reputation, especially as it is ...
Developer Tech

Axios npm attack causes JavaScript supply chain chaos

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

The Axios Hack: How a single compromised account put millions of developers at risk

What makes this attack so unsettling is that all the hackers had to do was just steal the password of one of the axios ...
Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...

DarkSword leak puts millions of iPhone users at risk

A leaked hacking tool called DarkSword could expose older iPhones and iPads to attacks through malicious links and ...
Microsoft

WhatsApp malware campaign delivers VBScript and MSI backdoors

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...
OSTechNix

EmDash: The Secure, Fast TypeScript Successor to WordPress

EmDash is an open-source CMS built on Astro and Cloudflare. Featuring sandboxed plugins, AI-native tools, and 66% faster ...

The PQ is struggling to make the financial case for Quebec sovereignty

Ottawa spends more in Quebec than it collects in taxes – a problem that the Parti Québécois can’t explain away ...

Good Friday is a good day to reflect on sin, and forgiveness

The believer in Good Friday’s religious symbolism connects deeply to their own behaviours of guilt, and it is on the death of ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...