CSO Online

OpenAI patches twin leaks as Codex slips and ChatGPT spills

Command injection in Codex and a hidden outbound channel in ChatGPT exposed risks of credential theft and covert data ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Apple adds macOS Terminal warning to block ClickFix attacks

Apple has introduced a security feature in macOS Tahoe 26.4 that blocks pasting and executing potentially harmful commands in Terminal and alerts users to possible risks.
SecurityWeek

New DeepLoad Malware Dropped in ClickFix Attacks

The new DeepLoad malware has been distributed in ClickFix attacks to steal user credentials and install a rogue browser ...
The Hacker News

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.
Nature

Primer: pitfalls of aspiration and injection

This review on joint aspiration and injection focuses on three common clinical problems: how to deal with 'dry taps', especially when a septic joint is suspected in the differential diagnosis; how to ...