Crypto products usually treat transfers as an execution problem. The interface has to show the route, estimate fees, handle ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

A helpful feature of speeding up transactions has become redundant and a "fingerprint" for tracking. Developers now want to ...

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

When it comes to cryptocurrency buzz, stablecoins are the new Bitcoins. No one is going to get rich off them. But just like Bitcoin (CRYPTO: BTC) holders, stablecoin holders can also lose their shirt ...

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data. Developers searching for Claude Code installation instructions ...

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool.

A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns. A hardcoded API key embedded in ClickUp’s public website has ...

If you’ve ever built a website, run a startup, or shipped software of any kind in the last decade, there’s a good chance you’ve used axios. It’s one of those software tools that powers enormous chunks ...

Update March 31, 2026, 1:28 pm UTC: This article has been updated to add comments from Abdelfattah Ibrahim, senior offensive security engineer at Hacken. Two malicious Axios npm releases have prompted ...

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency wallet addresses entered on ...