Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
SecurityWeek

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...

New Password Stealer Bypasses 2FA—Chrome, Edge And Firefox Targeted

This new Storm attack platform can exfiltrate passwords and session data, enabling 2FA bypass. Google Chrome, Microsoft Edge ...
SecurityWeek

Axios NPM Package Breached in North Korean Supply Chain Attack

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Skull vibrations could be your next password

Modern life requires lots of logging into apps and websites. Even with a password manager, remembering all of that log in ...
CSO Online

Security lapse lets researchers see React2Shell hackers’ dashboard

The campaign is stealing credentials from unpatched servers at scale, due to “neglect and efficiency,” says analyst, and the ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
Unite.AI

OpenAI Releases Codex Plugin That Runs Inside Anthropic’s Claude Code

OpenAI published a Codex plugin on March 30 that installs directly inside Anthropic’s Claude Code, letting developers run code reviews and delegate tasks to Codex without leaving their existing ...
NetEye Blog

Rethinking Authentication and Authorization in a Multi-Component Platform with OIDC

Each of these tools brings value and, inevitably, its own idea of authentication and authorization. At some point, “it works” ...