Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
TechJuice

GlassWorm Escapes JavaScript Sandbox to Silently Spread Across Developer Tools

GlassWorm malware uses a Zig-based dropper to infect developer tools, stealing data and spreading across IDEs.

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...
CPO Magazine

Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google patches 21 Chrome vulnerabilities, including an actively exploited zero-day flaw that could enable code execution and ...

Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update

Adobe Acrobat and Reader users are under attack from hackers using a zero-day vulnerability. Update within 72 hours, Adobe ...
Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Sophisticated cyberattacks targeting a variety of open source projects, including the Trivy security-scanner project, the widely used Axios Javascript package, and now Anthropic's accidental ...

Claude Code's source code appears to have leaked: here's what we know

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...

Sonatype Releases Q1 2026 Open Source Malware Index: Trust Abuse Most Successful Attack Vector

Backed by Sonatype's industry-leading security research team, Sonatype Repository Firewall helped customers prevent 136,107 open source malware attacks in Q1. To explore the full findings from the Q1 ...