StepSecurity is internet hosting a group city corridor on this incident on April 1st at 10:00 AM PT – Register Here. On March 31, 2026, StepSecurity recognized two malicious variations of the broadly used axios HTTP consumer library revealed to npm: axios@1.14.1 and axios@0.30.4. Both variations have been revealed utilizing the compromised npm credentials of…
The KICS GitHub Action was compromised with credential-stealing malware by TeamPCP, the identical group behind the Trivy attack. KICS is an open supply infrastructure as code safety scanner by Checkmarx. Between 12:58 and 16:50 UTC on March twenty third, any customers of this GitHub Action who have been pinning to one of many compromised tags…
Nearly 1 million consumer data have been compromised in an information breach at blockchain-powered lender Figure Technology Solutions. The firm confirmed to TechCrunch that it suffered an information breach after an worker fell sufferer to a social engineering assault, saying the attackers obtained a restricted variety of recordsdata. The ShinyHunters hacker group took credit score…