GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Hackers compromise popular Axios Javascript library with hidden malware

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...
The Joplin Globe

LEO Pharma Announces New Long-Term Data for SPEVIGO® (spesolimab-sbzo) Injection in Adults with Generalized Pustular Psoriasis at AAD 2026

LEO Pharma Announces New Long-Term Data for SPEVIGO® (spesolimab-sbzo) Injection in Adults with Generalized Pustular Psoriasis at AAD 2026 ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...
CSO Online

Chained vulnerabilities in Cisco Catalyst switches could induce denial-of-service

Cisco’s widely deployed Catalyst 9300 Series enterprise switches have four security vulnerabilities, two of which could be ...
Biometric Update

Aura breach and AI companion app flaws sharpen privacy fears

A new security report on AI companion apps is drawing attention because it arrives as an identity protection company is dealing with a data exposure incident.
The Hacker News

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple ...
The Caledonian-Record

FDA Approves BRAVECTO® QUANTUM (fluralaner for extended-release injectable suspension) from Merck Animal Health to Treat and Control Asian Longhorned Tick …

Merck Animal Health, known as MSD Animal Health outside the United States and Canada, a division of Merck & Co., Inc., Rahway ...
SecurityWeek

‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors

The DarkSword iOS exploit chain was used by the Russian APT behind the Coruna exploit in attacks targeting Ukraine.
XDA Developers on MSN

Google kept featuring this Chrome extension for months after it turned malicious

How can an extension change hands with no oversight?
ZDNet

This critical Chrome browser vulnerability lets malicious extensions spy on your PC

Researchers found a high-severity bug in Chrome's Gemini feature. It grants extensions the ability to spy on you or steal your data. Update now. A new vulnerability impacting Google Chrome's Gemini ...