DataBreachToday

Flurry of Supply-Chain Software Library Attacks

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...
SiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute malware via a compromised account. Attackers exploited a hijacked account on npm ...
ITWeb

Practical tech skills that actually boost employability in 2026

Employers increasingly prioritise experience, portfolios and applied skills over formal degrees alone, says Robin Ramokgadi, ...
TechJuice

GlassWorm Escapes JavaScript Sandbox to Silently Spread Across Developer Tools

GlassWorm malware uses a Zig-based dropper to infect developer tools, stealing data and spreading across IDEs.

Web analysis without Google: Umami 3.1 brings replays and custom dashboards

Umami 3.1.0 brings configurable dashboards, session replays, and Core Web Vitals tracking for privacy-friendly web analysis.
Analytics Insight

10 Common TypeScript Mistakes Developers Make and How to Avoid Them

Overview:TypeScript improves code safety, but overusing “any” removes its main advantage.Clear types, strict settings, and ...
Software Engineering Institute

SEI Launches Leadership in AI for Cybersecurity Application Workshop

This training teaches analysts, developers, engineers, and leaders to build an end-to-end AI solution and consider how it could realize value for their organization.

Top open source AI platform Flowise hit by maximum-level security issue

A 10/10 Flowise bug was patched, but is now being abused in the wild.

Rsbuild 2.0: Faster bundling, ESM-first and Node 20

Rsbuild 2.0 relies on Rspack 2.0, modernizes defaults (ESM-first, Node 20) and reduces dependencies. New APIs enhance ...

Vercel confirms breach as hackers claim to be selling stolen data

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems ...