The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
InfoWorld

Ktor adds dependency injection and HTMX modules

JetBrains has released Ktor 3.2.0, an update to the Kotlin-based framework for building asynchronous applications that brings modules for dependency injection and HTMX and automatic deserialization of ...
Bleeping Computer

PyTorch discloses malicious dependency chain compromise over holidays

PyTorch has identified a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the dependency confusion attack vector. PyTorch ...