Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...

A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler.

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden ...

Meta pauses Mercor partnership after a major data breach raises concerns over exposure of sensitive AI training data.

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...

Stop letting AI pick your passwords. They follow predictable patterns instead of being truly random, making them easy for ...

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...

Encode and decode Base64 without "=" padding. RFC 4648 specifies that Base64 should be padded to a multiple of 4 bytes using "=" characters. However many protocols choose to omit the "=" padding.