Supply chain attacks feel like they're becoming more and more common.

OpenClaw, an open-source AI agent with a red lobster logo, has sparked a nationwide craze in China in early 2026.Unlike ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

今天，《人物》杂志发表了一篇报道： 文章中提到，Kimi 这群人，很会起名字，起名字的时候很有品味。 在 2025 年的 9 月，公司内部启动了一个小项目，名为「Ensoul」（赋予灵魂）。 根据 APPSO 了解，Ensoul ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

I’ve used plenty, but this one rewired my daily workflow.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

OpenAI announced they are extending the Responses API to make it easier for developer to build agentic workflows, adding ...