The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Images are the Largest Contentful Paint element on 85% of desktop pages and 76% of mobile pages, according to the 2025 HTTP ...

A hacker inserted malware in Axios, an open source web tool downloaded tens of millions of times weekly, in a widespread hack ...

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

Most likely, a maintainer's GitHub and npm accounts are compromised as these issues are getting deleted. I have also reported this as a vulnerability, so that a CVE can be generated.

Bubble.io's good name is being tarnished by advanced and convincing phishing lures.

Discover 7 enterprise infrastructure tools that reduce engineering workload, speed deployment, and eliminate months of manual ...

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building ...

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...

Security researchers have discovered DarkSword, a sophisticated exploit chain targeting iOS 18.4 through 18.7.2. Unlike past spyware aimed at high-profile targets, DarkSword is being surreptitiously ...