Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
CMSWire

Meet EmDash, the Cloudflare CMS and WordPress 'Spiritual Successor'

Cloudflare created an open-source CMS it calls a "spiritual successor to WordPress" — and industry reaction has been equal ...

CardSight AI Deploys Full Slab Grade Identification Across Five Grading Companies, Launches Market Pricing Data in Beta

Platform now identifies grading company and grade for PSA, Beckett, SGC, CGC, and TAG slabs; new pricing endpoints ...
OSTechNix

EmDash: The Secure, Fast TypeScript Successor to WordPress

EmDash is an open-source CMS built on Astro and Cloudflare. Featuring sandboxed plugins, AI-native tools, and 66% faster ...