Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

The internals – the parts that actually make it a working camera – will probably be familiar to anyone who’s kept up with the DIY camera scene. It’s powered by a Raspberry Pi Zero 2W, has a 2” LCD ...

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

Now I can use any operating system I want without losing features.

A new variation of the ClickFix technique is capitalizing on the popularity of Anthropic's Claude Code and other AI coding tools. Researchers at Push Security discovered the threat campaign, which ...

Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate ...

Within three years, no embedded software developer is going to be writing code. I know it sounds like another one of my controversial statements. But I recently used Claude Code to write the best ...