Normal view

Received today — 31 March 2026 ⏭ The Register - Security

The Register - Security
Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines 31 March 2026 at 10:29

Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines

31 March 2026 at 10:29

Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios

One of npm's most widely used HTTP client libraries briefly became a malware delivery vehicle after attackers hijacked a maintainer's account and slipped a remote-access trojan (RAT) into two seemingly legitimate axios releases, in what's being described as "one of the most impactful npm supply chain attacks on record."…

The Register - Security
OpenAI patches ChatGPT flaw that smuggled data over DNS 30 March 2026 at 19:36

OpenAI patches ChatGPT flaw that smuggled data over DNS

The Register - Security

30 March 2026 at 19:36

Check Point says outbound controls blocked web traffic but overlooked DNS

OpenAI talks up data security for its AI services, yet Check Point says that ChatGPT allowed data to leak through a DNS side channel before the flaw was fixed.…