SecurityWeek

CrewAI Vulnerabilities Expose Devices to Hacking

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

EDB Postgres AI for WarehousePG: Reclaiming control of the enterprise data warehouse

Proprietary warehouses delivered scale — but at the cost of control, predictable pricing, and real flexibility. Enterprises are doing the math.
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Anthropic goes nude, exposes Claude Code source by accident

Someone at Anthropic has some explaining to do, as the official npm package for Claude Code shipped with a map file exposing ...
Cryptopolitan on MSN

Axios supply chain attack raises risk to crypto wallets

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...
WinBuzzer

OpenAI Launches Plugin Marketplace for Codex with Enterprise Controls

OpenAI has launched a plugin marketplace for Codex with over 20 integrations from Slack, Figma, and Notion, adding enterprise ...
Cybernews

Code trust crisis: Is it safe to update your system during an active supply chain attack?

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...
Techzine Europe

Axios npm package compromised, posing a new supply chain threat

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...