Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Anthropic accidentally exposed Claude Code source, raising security concerns

The exposure traces back to version 2.1.88 of the @anthropic-ai/claude-code package on npm, which was published with a 59.8MB ...

Anthropic Claude Code Leak Reveals Secrets—Self-Healing Memory, Undercover Mode, KAIROS Features Unveiled

Discover the implications of the Claude code leak, revealing the inner mechanics of Anthropic's AI system, including ...

A simple coding mistake is exposing API keys across thousands of websites

A large-scale study has revealed that websites are unintentionally exposing API keys tied to services like AWS, Stripe, and ...
NetEye Blog

Vue 3 PWAs are great, until they bite

This is more about what happens when you try to make a Vue 3 PWA behave well in real life, on a complex multi-faceted application. Vue 3 gives you the reactivity model and composition primitives that ...
SecurityWeek

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...