Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...

Windows keeps introducing bloatware, and it is usually better to get rid of these apps and replace them with better ...

The attackers swapped the account's email address for an anonymous ProtonMail inbox and pushed the infected packages manually ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...

Trying to test API online can be a bit of a headache, especially with so many tools out there. I’ve found myself lost in the options more than once. Whether you’re just starting out or you’ve been ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

Microsoft has not yet removed a mandatory clean install requirement for a Windows 11-exclusive feature, which is said to boost performance. Performance gains are something likely everyone looks ...

In addition to rolling out patches to address two zero-days affecting SQL Server and .NET, Microsoft introduced Common Log File System hardening with signature verification.

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...