Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

A hacker took over an account belonging to the lead maintainer of the JavaScript library, Axios, which is used to handle HTTP requests, as reported by Cybernews. Security researchers found that ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Plus: California has defied Trump's demands to stop AI regulation. This is today's edition of The Download, our weekday ...

When somebody sends you a document as an attachment, don't just open it. Use the free tool Dangerzone to scrub it clean of ...

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.

Switch from Adobe Acrobat to Okular, a fast, free PDF reader with powerful annotation tools, no ads, no subscriptions, and support for multiple file formats.

USB-transferred PDFs now support highlights, notes, and improved navigation. Kindle Scribe adds direct writing on sideloaded PDFs Amazon is rolling out a new software update to its Kindle devices, ...

Turn any website into a desktop app with Pake. Create fast, lightweight apps without browser dependency or bloat.

A judge ordered the U.S. Customs and Border Protection to provide an update on the agency's progress toward issuing refunds ...

A federally-regulated prediction markets platform called criminal charges filed against the company in Arizona "seriously ...

Strip the types and hotwire the HTML—and triple check your package security while you are at it. JavaScript in 2026 is just getting started. I am loath to inform you that the first month of 2026 has ...