A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Threat actors have started exploiting CVE-2025-59528, a critical Flowise vulnerability leading to remote code execution.

CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.

The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...

Wasm, PGlite, OPFS, and other new tech bring robust data storage to the browser, Electrobun brings Bun to desktop apps, ...

A missed step in a manual deployment process exposed the internal workings of one of AI's hottest coding tools—and briefly ...

The Internet Bug Bounty program has paused new submissions, citing a massive expansion in vulnerability discovery by AI code ...

LeakNet may be expanding its reach and scaling up, changing techniques and running campaigns directly, but the ransomware operator’s use of a repeatable post-exploitation sequence gives defenders a ...

The source code of Anthropic's CLI tool Claude Code was accidentally made publicly accessible via a source map in the npm ...

Boris Cherny, the creator and Head of Claude Code at Anthropic, has confirmed that there was a leak of the company’s internal ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...