Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Vercel confirms breach as hackers claim to be selling stolen data

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems ...

Vercel data leak: CEO confirms internal breach linked to AI tool as hackers claim to sell stolen data for $2 million

Vercel has confirmed a data breach affecting its internal systems and attributed it to employee's Google Workspace account ...
CPO Magazine

Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...
TechJuice

GlassWorm Escapes JavaScript Sandbox to Silently Spread Across Developer Tools

GlassWorm malware uses a Zig-based dropper to infect developer tools, stealing data and spreading across IDEs.

How to use Codex to build a Website

What makes Codex useful for building websites is that it can install software packages, run a local preview server, track ...

Sonatype Releases Q1 2026 Open Source Malware Index: Trust Abuse Most Successful Attack Vector

Backed by Sonatype's industry-leading security research team, Sonatype Repository Firewall helped customers prevent 136,107 open source malware attacks in Q1. To explore the full findings from the Q1 ...
SecurityWeek

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI is one of many organizations affected by the recent Axios supply chain attack attributed to North Korean hackers.
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...
The Hacker News

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...
Appuals

How to Fix Downloading Problems on MediaFire?

If MediaFire shows a download error when you try to download a file in your browser, it usually means the file page loads correctly, but the actual ...

Seal Security Launches Mythos Readiness Program to Close the "Silent Patch Gap" Between Fix Commits and CVE Advisories

Research shows 94% of CVE fix commits are pushed publicly before the advisory - a median 11-day window in which attackers can now weaponize a bug in minutes using frontier AI agents. The program ...