On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

I’ve used plenty, but this one rewired my daily workflow.

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

On March 19, 2026, a threat actor known as TeamPCP compromised Aqua Security’s Trivy vulnerability scanner – the most widely adopted open-source scanner in the cloud-native ecosystem. The attacker ...

Chainguard is racing to fix trust in AI-built software - here's how ...

OpenAI Group PBC today announced plans to acquire Astral Software Inc., a startup with a set of widely used Python development tools. The terms of the deal were not disclosed. Astral’s development ...

In addition to rolling out patches to address two zero-days affecting SQL Server and .NET, Microsoft introduced Common Log File System hardening with signature verification.

TL;DR: Google is testing a new Chrome feature on Windows 11 whereby people can elect to have the browser automatically launch when the OS reaches the desktop on first booting. The browser opens in the ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...