The campaign is stealing credentials from unpatched servers at scale, due to “neglect and efficiency,” says analyst, and the ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Cloudflare created an open-source CMS it calls a "spiritual successor to WordPress" — but WordPress is having none of it.

Vulnerability attacks rose 56% in 2025. Explore 46 statistics on CVE disclosure, exploitation patterns, and industry impact to guide your 2026 security strategy. The post 46 Vulnerability Statistics ...

The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

The U.S. State Department has officially launched the Bureau of Emerging Threats, a new unit tasked with protecting U.S.

The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year.

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...

Active exploits, nation-state campaigns, fresh arrests, and critical CVEs — this week's cybersecurity recap has it all.