Fireship on MSN

The silent threat: Axios library exposes developers

A recently discovered Remote Access Trojan in the widely used Axios library puts millions of JavaScript developers at risk.

Cybersecurity attackers don’t hack in anymore… they get invited in

"In cybersecurity in 2026, the attackers have stopped breaking down doors. They are being invited in. And the front door they’re walking through is trust itself." — Aida Keehner, founder and CEO, Atru ...
CPO Magazine

Over 100 AI Coding Agents Taken Over Via New “Agentjacking” Attack

The new “agentjacking” attack takes almost no real hacking ability to pull off. It's predicated on pulling a public ...
The Currency Analytics

Polymarket’s $3 Million Frontend Hack Hits 11 Wallets Holding PUSD

Polymarket got hit. A suspected phishing attack on one of the platform's third-party vendors let hackers inject malicious ...

Ableton is letting musicians build browser-style extensions for Live

The company provides a handful of example extensions that include the ability to bulk rename tracks, sketch out song arrangements, and slice up samples. The idea is that extensions can simplify ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

Families call for justice as largest maternity report in NHS history to be published

The review of Nottingham University Hospitals (NUH) NHS Trust is expected to detail how failings led to deaths and avoidable ...

Xiaomi's HarnessX rewrites its own AI scaffolding mid-task — and smaller models gain the most

Xiaomi's HarnessX autonomously rewrites AI agent harnesses mid-execution, delivering +14.5% avg performance gains — and +44% ...

Canadian hacker Aubrey Cottle sentenced to 18 months custody after pleading guilty to cyberattack charges

Canadian hacker Aubrey Cottle has been sentenced to 18 months in custody after pleading guilty to three charges stemming from ...
GovInfoSecurity

Cybercrime Initial Access Service SocGholish Disrupted

Long-running initial access service provider SocGholish, tied to Russian cybercrime stalwart Evil Corp, has been disrupted by ...

Hackers demand payment for stolen data tied to heart monitoring company iRhythm

Preview this article 1 min Hackers used "social engineering," a multiple-step technique hackers sometimes use to trick people ...
Bleeping Computer

Microsoft links Mastra AI supply chain attack to North Korean hackers

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. This attribution ...