A high-risk software supply chain attack has poisoned widely used axios npm releases, turning routine installs into a cross-platform compromise. Developers, CI/CD systems, and production pipelines that pulled the tainted axios versions (1.14.1 and 0.30.4) risked silently receiving a multi-stage backdoor that targeted Windows, macOS, and Linux hosts. Because axios sits deep in many dependency trees, a single malicious release
Latest Articles

Microsoft Extends Windows 10 Extended Security Updates Through October 2027
Microsoft has quietly extended its consumer Extended Security Updates (ESU) program for Windows 10, pushing the cutoff for critical security patches out another year to October 12, 2027. The move gives millions of users who have not yet migrated to Windows 11 additional time to receive important and critical security fixes, while Microsoft continues to encourage upgrades to the newer OS. For those already enrolled in the consumer ESU program, coverage continues automatically under the new end date. What the…
Continue readingGoogle Drive turns on AI ransomware detection by default for paying users
Google has moved its AI-powered ransomware detection for Drive out of beta and enabled it by default for paid customers, shifting cloud storage from a passive backup to an active containment point. First trialed in late 2025, the feature now scans files as they sync from desktop endpoints and pauses syncing when ransomware-like encryption is detected, alerting both users and
Microsoft issues emergency Windows 11 update KB5086672 to fix broken March preview (KB5079391)
Microsoft has released an out-of-band (OOB) emergency update—KB5086672—to address installation problems introduced by the March 2026 non-security preview update (KB5079391). The optional cumulative preview, which shipped for Windows 11 versions 24H2 and 25H2, was pulled after users began reporting installation failures with the error code 0x80073712. KB5086672 was published on March 31, 2026 as a replacement that both restores the
Hackers Weaponize Legitimate Windows Tools to Kill Antivirus — What Defenders Must Do Now
Ransomware gangs have evolved from noisy mass campaigns into precise, surgical operators. A growing and dangerous trend is the abuse of legitimate Windows utilities — tools built to help administrators troubleshoot and repair systems — as the first step in modern ransomware operations. By repurposing utilities such as Process Hacker, IOBit Unlocker, PowerRun, AuKill and TDSSKiller, attackers can silently neutralize
Google Lets You Change Your @gmail.com Address — Here’s How to Do It Safely
For more than twenty years, the email address you chose when creating a Google Account was effectively permanent. That meant awkward childhood handles, name changes after marriage, or simply wanting a cleaner, more professional address often required creating a brand-new Google Account and manually migrating data. Google has quietly changed that rule: users with @gmail.com addresses can now replace their
Inside the Claude Code Leak: What Anthropic’s Accidental Release Reveals
Anthropic, the AI company behind the Claude family of agents, suffered an unexpected exposure that rippled across the developer community and the wider AI market. Earlier today, a sizable JavaScript source map file—bundled with a public npm release—made internal implementation details of Claude Code visible to anyone who downloaded it. What began as a packaging mistake quickly became a public





