Latest Articles

Supply-chain alert: axios NPM package poisoned to deliver WAVESHAPER.V2 backdoor

Supply-chain alert: axios NPM package poisoned to deliver WAVESHAPER.V2 backdoor

A high-risk software supply chain attack has poisoned widely used axios npm releases, turning routine installs into a cross-platform compromise. Developers, CI/CD systems, and production pipelines that pulled the tainted axios versions (1.14.1 and 0.30.4) risked silently receiving a multi-stage backdoor that targeted Windows, macOS, and Linux hosts. Because axios sits deep in many dependency trees, a single malicious release

Google Drive turns on AI ransomware detection by default for paying users

Google Drive turns on AI ransomware detection by default for paying users

Google has moved its AI-powered ransomware detection for Drive out of beta and enabled it by default for paid customers, shifting cloud storage from a passive backup to an active containment point. First trialed in late 2025, the feature now scans files as they sync from desktop endpoints and pauses syncing when ransomware-like encryption is detected, alerting both users and

Microsoft issues emergency Windows 11 update KB5086672 to fix broken March preview (KB5079391)

Microsoft issues emergency Windows 11 update KB5086672 to fix broken March preview (KB5079391)

Microsoft has released an out-of-band (OOB) emergency update—KB5086672—to address installation problems introduced by the March 2026 non-security preview update (KB5079391). The optional cumulative preview, which shipped for Windows 11 versions 24H2 and 25H2, was pulled after users began reporting installation failures with the error code 0x80073712. KB5086672 was published on March 31, 2026 as a replacement that both restores the

Hackers Weaponize Legitimate Windows Tools to Kill Antivirus — What Defenders Must Do Now

Hackers Weaponize Legitimate Windows Tools to Kill Antivirus — What Defenders Must Do Now

Ransomware gangs have evolved from noisy mass campaigns into precise, surgical operators. A growing and dangerous trend is the abuse of legitimate Windows utilities — tools built to help administrators troubleshoot and repair systems — as the first step in modern ransomware operations. By repurposing utilities such as Process Hacker, IOBit Unlocker, PowerRun, AuKill and TDSSKiller, attackers can silently neutralize

Inside the Claude Code Leak: What Anthropic’s Accidental Release Reveals

Inside the Claude Code Leak: What Anthropic’s Accidental Release Reveals

Anthropic, the AI company behind the Claude family of agents, suffered an unexpected exposure that rippled across the developer community and the wider AI market. Earlier today, a sizable JavaScript source map file—bundled with a public npm release—made internal implementation details of Claude Code visible to anyone who downloaded it. What began as a packaging mistake quickly became a public