Axios npm Hijacked: 100 Million Weekly Downloads Turned Into a RAT Dropper
What Happened On March 31, 2026, a threat actor hijacked the npm account of the lead Axios maintainer and published two malicious versions of one of the most widely used…
Notepad++ Supply Chain Attack: A Six-Month Nightmare
State-sponsored attackers hijacked Notepad++'s update mechanism from June to December 2025, delivering targeted malware via a compromised hosting server.This infrastructure-level breach targeted high-value users in East Asia, exposing risks in…
Another Day ! Another Moveit Vulnerability Nightmare
Researchers have unearthed a potent security vulnerability nestled within its MOVEit Transfer. This flaw threatens to pave the way for escalated privileges and the alarming possibility of unauthorized access to…
Shadow Pad Malware On Sale
ShadowPad, a windows backdoor that allows attackers to download additional harmful modules or steal data. The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors.…
Mobile platforms Should Obstructs Zeroday Hunts
Tait, an outspoken researcher who has held stints at Google’s Project Zero and the U.K.’s GCHQ intelligence agency, said mobile platforms must immediately start providing improved “on-device observability” to help…