TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver ...

Every developer has a setup ritual before they start their day. Mine went unquestioned for almost two years – they were four terminal commands, typed in the same order every morning. It didn't feel ...

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security ...

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

Jeff Shell, the president of Paramount Skydance, was sued Monday by a man who claims he is owed $150 million for crisis communications services and for Shell’s refusal to help produce a TV show. The ...

Command injection in Codex and a hidden outbound channel in ChatGPT exposed risks of credential theft and covert data ...

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...