A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security ...

A security researcher disclosed that a hardcoded API key in ClickUp's production JavaScript bundle has exposed 959 email ...

AI Verified gives any registered business the machine-readable identity AI systems need to find and cite them — solving the ...

Say “publish this as a website” and your AI agent handles the rest: it builds the file, uploads it, and hands you a ...

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...

ECH encrypts the TLS handshake, backends speak HTTP/2, and Multipath TCP uses multiple network paths in parallel.

A newly disclosed security flaw in Axios, one of the most widely used HTTP client libraries in the JavaScript ecosystem, has raised concern across software and cloud security teams after official ...

OpenAI is one of many organizations affected by the recent Axios supply chain attack attributed to North Korean hackers.

The Axios attack has highlighted the sophistication, scalability, and industrialization of social engineering attacks. Late last month, the NPM package of Axios, an extremely popular JavaScript HTTP ...

Update March 31, 2026, 1:28 pm UTC: This article has been updated to add comments from Abdelfattah Ibrahim, senior offensive security engineer at Hacken. Two malicious Axios npm releases have prompted ...

Security companies flagged [email protected] and 0.30.4 as compromised, urging credential rotation and rollback of affected packages. Update March 31, 2026, 1:28 pm UTC: This article has been updated to ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem. Attackers ...