This popular app builder is being abused to trick users - here's what we know

Bubble.io's good name is being tarnished by advanced and convincing phishing lures.
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Bubble AI app builder abused to steal Microsoft account credentials

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building ...
JG-TC.com

Michigan rolls over Arizona in Final Four, will play UConn for national title

Michigan overpowered Arizona early and humbled the ’Cats all night long, turning the Final Four meeting billed as the Game of ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...
Cybernews

Code trust crisis: Is it safe to update your system during an active supply chain attack?

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...
GitHub

[email protected] and [email protected] are compromised

Most likely, a maintainer's GitHub and npm accounts are compromised as these issues are getting deleted. I have also reported this as a vulnerability, so that a CVE can be generated.

Hacker hijacks Axios open-source project, used by millions, to push malware

A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack ...