In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

OpenAI confirmed on Wednesday that it found no evidence suggesting user data was compromised following a security incident ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers' servers. Exploitation started in early February, ...

Critical cPanel flaw under attack, Copy Fail Linux privilege escalation, TeamPCP supply chain campaign, GitHub RCE & major ...

The contagion from the Kelp exploit could have been contained, but at the cost of capital efficiency, according to the founder of Curve Finance. The exploit of the Kelp liquid restaking protocol shows ...

What happened?: Attackers took over a maintainer account for Axios and published malicious versions to npm, potentially impacting millions of downloads. Why it matters: CSA Singapore warns supply ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

LayerZero said that Kelp’s DVN setup caused the $290 million exploit, as investors questioned which protocol would step up to cover the shortfall. Interoperability protocol LayerZero claims that an ...

A major decentralized finance (DeFi) hack could prompt Wall Street firms to reassess the pace of their blockchain and tokenization efforts, a Jefferies analyst wrote in a report. The note follows a ...

A roughly $292 million exploit over the weekend has rattled the crypto industry, exposing vulnerabilities in decentralized finance (DeFi) infrastructure and raising concerns about knock-on effects ...