Bubble AI app builder abused to steal Microsoft account credentials

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building ...

The countries that have social media bans, or are planning to implement one

It's been four months since Australia banned under-16s from using social media, and ever since, a growing number of countries ...

Anthropic leaks source code for Claude Code again: Here's what happened

Anthropic has exposed Claude Code's source code, with a packaging error triggering a rapid chain reaction across GitHub and ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

Trump's new White House app is a security and privacy nightmare

President Donald Trump's new White House app is a privacy nightmare for some users. On Friday, the Trump administration ...

The Axios Hack: How a single compromised account put millions of developers at risk

What makes this attack so unsettling is that all the hackers had to do was just steal the password of one of the axios ...
The Hacker News

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

Google Ads malvertising spreads ScreenConnect malware using Huawei driver flaw, enabling EDR bypass and credential theft in U ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Hackers compromise popular Axios Javascript library with hidden malware

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...
AARP

Demand Surges for Meals on Wheels, a Lifeline for Low-Income Older People

Rising demand and higher costs force some Meals on Wheels programs to pause enrollment or create waitlists. Older adults rely ...
Analytics Insight

Axios Supply Chain Attack Exposes Crypto Wallets to Hidden Malware Risk

Axios, a widely used JavaScript HTTP client, was briefly distributed through npm in two malicious versions after a maintainer ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...