This is GlassWorm: a software supply chain attack that security researchers are calling one of the most sophisticated and ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Google Threat Intelligence Group warns of active supply chain attack on npm’s Axios library Malicious dependency ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

Claude extension flaw allowed zero click attacks, letting hackers inject commands and access sensitive user data.

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

Attacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are ...

The OWASP Top 10 for LLM Applications is the most widely referenced framework for understanding these risks. First released in 2023, OWASP updated the list in late 2024 to reflect real-world incidents ...

OpenAI's new IH-Challenge training dataset improves LLM instruction hierarchy by up to 15%, strengthening defenses against prompt injection and jailbreak attempts. OpenAI has released IH-Challenge, a ...

(Beirut) – Israeli forces on the evening of March 18, 2026, attacked South Pars Gas Field in Iran: one of the most important sources of natural gas for Iran’s domestic energy consumption, including ...