In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

OpenAI confirmed on Wednesday that it found no evidence suggesting user data was compromised following a security incident ...

OpenAI is telling every Mac user running its ChatGPT or Codex desktop app to update right now. The urgency traces back to a ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers' servers. Exploitation started in early February, ...

The contagion from the Kelp exploit could have been contained, but at the cost of capital efficiency, according to the founder of Curve Finance. The exploit of the Kelp liquid restaking protocol shows ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

LayerZero said that Kelp’s DVN setup caused the $290 million exploit, as investors questioned which protocol would step up to cover the shortfall. Interoperability protocol LayerZero claims that an ...

Microsoft CEO Satya Nadella was asked point-blank by a Wall Street analyst on Wednesday how its revised OpenAI partnership would impact Microsoft’s financials. He said that the new agreement was a ...

A major decentralized finance (DeFi) hack could prompt Wall Street firms to reassess the pace of their blockchain and tokenization efforts, a Jefferies analyst wrote in a report. The note follows a ...