Hackaday

This Week In Security: Flatpak Fixes, Android Malware, And SCADA Was IOT Before IOT Was Cool

Rowhammer attacks have been around since 2014, and mitigations are in place in most modern systems, but the team at gddr6.fail has found ways to apply the attack to current-generation GPUs.
InfoQ

Anthropic Accidentally Exposes Claude Code Source via npm Source Map File

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...

Techie Tonic: Two CISOs warn Axios breach changes supply chain trust model

Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
The Hacker News

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

AI Is Deciding What Your Customers See. Most Brands Haven’t Caught Up

AI is redefining retail. Deloitte projects 25% of sales will be agent-driven by 2030. Learn how SEO, AEO, and GEO are ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

A Comprehensive Guide to JSON Validation and Cleaning

This guide delves into the intricacies of JSON validation and cleaning, providing essential insights and practical steps to ...

Web framework: Astro 6.0 experiments with new Rust compiler

An experimental Rust compiler is intended to replace the previous Go compiler, and the Astro dev server now supports custom runtimes.
PBS

DOJ releases Epstein files containing sexual assault allegations against Trump

The Department of Justice released a batch of previously unreleased documents from the Epstein files that include notes from FBI interviews with a woman who says she was assaulted by President Trump ...