The Register

AI slop got better, so now maintainers have more work

If AI does more of the work but humans still have to check it, you need more reviewers. Now that AI models have gotten better ...
SecurityWeek

Guardarian Users Targeted With Malicious Strapi NPM Packages

A threat actor has used 36 malicious NPM packages posing as Strapi plugins to distribute malware targeting Redis, Docker, and ...
Windows Latest

Microsoft to upgrade Windows Subsystem for Linux (WSL) with faster file access, better networking and easier setup

Microsoft plans major WSL improvements in Windows 11 2026, with faster file performance, better networking, and easier setup ...

Node.js updates made easy: OpenJS offers support for companies

The OpenJS Foundation has launched a new program to support companies in switching to current Node.js versions.
The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Valentić told The Hacker News that the use of fake progress indicators mimicking legitimate installation progress and the ...

Axios npm hack used fake Teams error fix to hijack maintainer account

The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

OpenClaw not running on Windows PC [Fix]

If you are not able to use OpenClaw on Windows 11, use the built-in diagnostic tool, switch to WSL2 instead of PowerShell, ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Analysis: Should AI implement core features in critical software?

The community is discussing rejecting AI contributions in open-source development. This is neither realistic nor ...