Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Malware on npm: HTTP client axios loads backdoor for Windows, macOS, and Linux

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...

Cloudflare’s new Dynamic Workers ditch containers to run AI agent code 100x faster

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU and invocation charges ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

OpenAI patches flaw allowing silent data leakage from ChatGPT conversations

What happens when researchers think outside the box? Data gets exfiltrated through DNS.
WinBuzzer

Claude Code Source Leak Exposes Anti-Distillation Traps

Anthropic's Claude Code source has leaked via a packaging error, exposing anti-distillation traps, an undercover mode, and ...

Health Canada Approves neffy®--The First Needle-Free Epinephrine Spray for Anaphylaxis

ALK-Abello Pharmaceuticals Inc. Canada (ALK Canada) today announced that Health Canada has approved neffy® 2 mg for the emergency treatment of allergic reactions (anaphylaxis) due to insect stings or ...

Iowa bill ends minors’ ability to consent to HPV vaccine alone

Iowa GOP lawmakers sent Gov. Kim Reynolds a bill that eliminates a minor child's ability to consent to the HPV vaccine ...

Over 100 Chrome Web Store extensions steal user accounts, data

More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, ...
The Hacker News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

AMGEN ANNOUNCES POSITIVE TOPLINE PHASE 3 RESULTS FOR SUBCUTANEOUS TEPEZZA® IN ADULTS LIVING WITH MODERATE-TO-SEVERE ACTIVE THYROID EYE DISEASE

Amgen (NASDAQ: AMGN) today announced positive topline results from a Phase 3 trial of TEPEZZA (teprotumumab-trbw) administered by subcutaneous injection via an on-body injector (OBI) in participants ...