In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Dive into The Register's online archive of incisive tech news reporting, features, and analysis dating back to 1998 ...

A major decentralized finance (DeFi) hack could prompt Wall Street firms to reassess the pace of their blockchain and tokenization efforts, a Jefferies analyst wrote in a report. The note follows a ...

LayerZero said that Kelp’s DVN setup caused the $290 million exploit, as investors questioned which protocol would step up to cover the shortfall. Interoperability protocol LayerZero claims that an ...

Compromised Context.ai integration let attackers inherit Vercel employee access and reach internal systems, exposing a limited set of customer credentials. Frontend cloud platform Vercel, the creator ...

The contagion from the Kelp exploit could have been contained, but at the cost of capital efficiency, according to the founder of Curve Finance. The exploit of the Kelp liquid restaking protocol shows ...

The leak online of exploit code for an apparent Windows zero-day flaw dubbed "BlueHammer" could be the sign of a larger issue that security researchers face when collaborating with Microsoft on ...

Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware disguised as a Microsoft Teams error fix, turning one of the most popular ...