helpnetsecurity.com

Attackers hijacked the primary Axios maintainer's npm account and published two malicious versions that installed a cross-platform remote access trojan, exposing one of the JavaScript ecosystem's most downloaded packages.

Kali Linux 2026.1 commemorates BackTrack's 20th anniversary with a retro desktop mode, adds eight new security tools including an MCP server for Metasploit, and upgrades to kernel 6.18.

The European Parliament voted 458 to 103 on March 11 to restrict scanning of private communications to judicially authorized, targeted investigations, rejecting years of pressure for blanket surveillance of encrypted messaging platforms.

Google's March 2026 Android security update addresses 129 vulnerabilities including an actively exploited Qualcomm graphics flaw affecting 235 chipsets and a critical remote code execution bug in Android 16.

Cloudflare's 2026 Threat Report documents a pivotal shift: attackers now log in rather than break in, using stolen session tokens and AI-assisted credential theft to bypass MFA, as DDoS volumes doubled and nation-state pre-positioning inside critical infrastructure intensifies.

OpenAI's smaller, speed-optimized Codex-Spark model runs on Cerebras' Wafer Scale Engine 3, marking the AI giant's first move off Nvidia silicon for production inference.

A CVSS 9.9 command-injection bug in BeyondTrust Remote Support and Privileged Remote Access lets unauthenticated attackers execute OS commands, echoing the zero-days that gave Chinese state hackers access to the U.S. Treasury in 2024.

GitHub integrates Anthropic's Claude and OpenAI Codex alongside Copilot in new multi-agent platform