Axios npm hack used fake Teams error fix to hijack maintainer account

The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers ...

New Password Stealer Bypasses 2FA—Chrome, Edge And Firefox Targeted

This new Storm attack platform can exfiltrate passwords and session data, enabling 2FA bypass. Google Chrome, Microsoft Edge ...

SpaceX’s stratospheric IPO hopes, OpenAI’s ridiculous round and the agentic AI gap

This week his SpaceX reportedly filed confidentially for a $75 billion initial public offering that could value it at $1.75T.
IEEE

Improving QR Code Security using Multiple Encryption Layers

Abstract: Growing concerns about identity theft and privacy are brought on by the increased sharing of digital information, which leaves data open to quick changes while in transit. Digital data must ...

Someone has publicly leaked an exploit kit that can hack millions of iPhones

Leaked "DarkSword" exploits published to GitHub allow hackers and cybercriminals to target iPhone users running old versions ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...
IEEE

Physical layer encryption of OFDM-PON based on quantum noise stream cipher with polar code

Abstract: Orthogonal frequency division multiplexing passive optical network (OFDM-PON) has superior anti-dispersion property to operate in the C-band of fiber for increased optical power budget.
gadgets360

Instagram to Discontinue End-to-End Encryption for DMs on May 8: What It Means for You

How E2EE on Instagram Works In end-to-end encrypted chats, every device participating in a conversation generates a unique encryption key that protects messages and calls, as per Meta. When a user ...
Bleeping Computer

AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency wallet addresses entered on ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...
Wired

Inside OpenAI’s Race to Catch Up to Claude Code

Sam Altman sits with his legs pretzeled in an office chair, staring deeply into the ceiling. To be fair, the new OpenAI headquarters—a temple of glass and blond wood in San Francisco’s Mission ...