Security Boulevard

This fake Windows support website delivers password-stealing malware

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

Mac users beware — experts say this attack stood out immediately by making a major change

ClickFix on Macs is evolving yet again and is no longer abusing Terminal.

'Cold as ice': Serial killer admits to eight murders in case that haunted Long Island for years

Rex Heuermann's plea ends a case that police took 13 years to solve, frustrating the public and victims' family.
Cybernews

Critical Adobe Reader zero-day lets PDFs steal files, may have been active for months

A newly discovered Adobe Reader zero-day vulnerability allows malicious PDF files to steal local data and potentially lead to ...

Bulls CEO Michael Reinsdorf says he wants coach Billy Donovan to remain in his job

Chicago Bulls president and CEO Michael Reinsdorf made it clear he wants coach Billy Donovan to remain in his job.
InfoQ

Anthropic Accidentally Exposes Claude Code Source via npm Source Map File

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...
The Caledonian-Record

As Trump threatens Iran's infrastructure, a Tehran couple wonders how to prepare

A couple living in Iran's capital have grown used to the sound of daily airstrikes five weeks into the war. They've taped up their windows and packed a bag with ...
PCMagOpinion

Microsoft Is Finally Fixing Windows 11's Web App Problem. It's About Time

Windows 11 is full of web apps that make your PC slower and less enjoyable to use, so I'm excited about the prospect of a ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
The Hacker News

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...