News

Apr 02, 2026

Your AI Assistant Just Installed a Trojan: The Axios npm Compromise

Modern AI tools like Claude Code, Codex, or even the browser-based ChatGPT and Claude.ai often run npm install behind the scenes t...

Mar 25, 2026

I Ran npm install 1,000 Times This Year. Here's Why That Scares Me Now.

TL;DR: The GlassWorm campaign compromised 151+ GitHub repos and 72+ VS Code extensions in March 2026 using invisible Unicode paylo...

Nov 03, 2025

npm's New Token Limits Won't Stop the Attacks That Actually Happen

npm's new token lifetime limits (90-day max, 7-day default) and mandatory WebAuthn are good security hygiene, but they don't addre...

Are you a journalist or an editor?

BTC

$80,910.00

▼ 0.15%

ETH

$2,298.99

▼ 0.1%

USDT

$1.000

▲ 0.01%

BNB

$676.80

▲ 2.55%

XRP

$1.46

▼ 0.21%

USDC

$0.999

▼ 0.12%

SOL

$95.01

▼ 1.23%

TRX

$0.350

▲ 0.16%

FIGR_HELOC

$1.04

▲ 0.75%

DOGE

$0.112

▲ 1.65%

WBT

$59.42

▼ 0.24%

USDS

$1.000

▼ 0.01%

ADA

$0.273

▼ 1.36%

HYPE

$40.10

▼ 2.89%

LEO

$9.99

▼ 2.05%

ZEC

$549.42

▼ 2.06%

BCH

$437.90

▼ 2.28%

LINK

$10.54

▲ 0.94%

XMR

$414.38

▲ 1.16%

TON

$2.27

▼ 8.48%