Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

H33 Launches HICS for Free: The First Trust-less Software Scoring Tool with Post Quantum Cryptographic Proof

Free cryptographically verified code quality scoring for software procurement. The best software wins. Not the best ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

Ex-Tenafly councilman and son strike plea deals for child porn charges

A former Tenafly councilman and his son are awaiting sentencing after pleading guilty as part of a plea deal before a state ...
Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...

Anthropic accidentally exposed Claude Code source, raising security concerns

The exposure traces back to version 2.1.88 of the @anthropic-ai/claude-code package on npm, which was published with a 59.8MB ...

After the release of the Epstein files, why have there been so few arrests?

Legal experts tell NPR five possible reasons that, despite the accusations made against rich and powerful people in the files ...

Jan. 6 rioter pardoned by Trump gets prison sentence for possessing 'enormous child pornography collection'

Daniel Tocci's attorney had previously argued that the case should be dismissed because “all the evidence" stemmed from his ...