Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain.

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...

Opal Security, the modern identity security and access governance company, today announced three new AI-native capabilities that together form the industry's first unified platform for seeing, ...

There's a lot more to a model than just benchmarks.

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Another big drawback: Any modules not written in pure Python can’t run in Wasm unless a Wasm-specific version of that module ...

OpenAI announced Thursday that it has entered into an agreement to acquire Astral, the company behind popular open source Python development tools such as uv, Ruff, and ty, and integrate the company ...