Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Supply chain attack hits Axios npm releases, users urged to rotate keys

Security firm Socket advised developers to check dependencies for affected Axios versions and remove or roll back compromised ...
Dexerto

Viral Letterboxd keychain lets cinephiles show off their favorite movies on the go

A viral Letterboxd-inspired keychain is letting movie fans carry their favorite films around in real life, but buyers ...
Milwaukee Journal Sentinel

Leaked draft hat appears to show Rams' updated logo

It appears the Los Angeles Rams will have an updated logo in the very near future. A photo shows what seems to be their leaked draft hat for this year, and on the front is an all-yellow “LA” logo. No ...
WDW News Today

Disneyland Has a New Logo Mug & Keychain Available to Purchase

A simple new mug featuring the Disneyland “D” logo is available at Disneyland Resort, as well as a castle keychain. This stoneware mug has a matte white finish. The Disneyland “D” logo is debossed ...
Refinery29

Beauty Charms Are Taking Over — These Are Team R29’s Favourites

All linked products are independently selected by our editors. If you purchase any of these products, we may earn a commission. With everyone from drugstore to prestige brands getting in on the beauty ...
heise online

Popular JavaScript package is: Malware through supply chain attack

Maintainer Jordan Harband writes on Bluesky that attackers had taken over the account of another project manager. Versions 3.3.1 and 5.0.0 of the package are affected. Both versions were apparently ...
heise online

Supply chain attack: Solana web3.js library was infected with malicious code

Anyone who has recently downloaded the JavaScript SDK web3.js from Solana from the package manager npm may have picked up malicious code. The origin is probably a phishing attack on maintainers of the ...