News

14 hours ago

Your AI Assistant Just Installed a Trojan: The Axios npm Compromise

Modern AI tools like Claude Code, Codex, or even the browser-based ChatGPT and Claude.ai often run npm install behind the scenes t...

1 week ago

I Ran npm install 1,000 Times This Year. Here's Why That Scares Me Now.

TL;DR: The GlassWorm campaign compromised 151+ GitHub repos and 72+ VS Code extensions in March 2026 using invisible Unicode paylo...

Nov 03, 2025

npm's New Token Limits Won't Stop the Attacks That Actually Happen

npm's new token lifetime limits (90-day max, 7-day default) and mandatory WebAuthn are good security hygiene, but they don't addre...

Are you a journalist or an editor?

BTC

$66,792.00

▲ 0.66%

ETH

$2,056.76

▲ 1.03%

USDT

$1.000

▲ 0.02%

XRP

$1.31

▲ 0.26%

BNB

$584.91

▲ 0.11%

USDC

$1.000

▲ 0.03%

SOL

$80.01

▲ 1.33%

TRX

$0.314

▼ 0.69%

FIGR_HELOC

$1.03

▲ 0.85%

DOGE

$0.0913

▲ 1.45%

USDS

$1.000

▼ 0.06%

WBT

$51.19

▲ 0.56%

LEO

$10.06

▲ 0.32%

ADA

$0.245

▲ 3.04%

BCH

$442.03

▼ 0.48%

HYPE

$35.91

▲ 2.97%

LINK

$8.69

▲ 2.29%

XMR

$326.26

▼ 1.27%

USDE

$0.999

▲ 0.01%

$0.143

▲ 0.54%