Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...

AI is turning stealth attacks into the new normal, exposing hidden risks across systems, supply chains, and enterprise ...

OpenAI is asking Mac users to update ChatGPT, Codex, Atlas, and Codex CLI after a security issue involving Axios and macOS ...

Google’s handling of API keys has come under fresh scrutiny after security researchers said Android applications are exposing ...

Vercel suffered a security breach via a compromised third-party AI tool, with ShinyHunters selling stolen data. The incident threatens the company's planned IPO ...

Google’s new MFA requirement for the Ads API strengthens security but may require advertisers to adjust authentication ...

Security companies flagged axios@1.14.1 and 0.30.4 as compromised, urging credential rotation and rollback of affected packages. Two malicious Axios npm releases have prompted warnings for developers ...

OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious ...

Update March 31, 2026, 1:28 pm UTC: This article has been updated to add comments from Abdelfattah Ibrahim, senior offensive security engineer at Hacken. Two malicious Axios npm releases have prompted ...

The Axios JavaScript NPM package was recently compromised, representing one of the highest impact supply chain attacks against the open source development ecosystem in recent months. Axios is the most ...

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...