SecurityWeek

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...
Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

How to Build Secure 24/7 AI Automations With OpenClaw

This beginner guide covers OpenClaw setup with a secure SSH tunnel and npm run scripts, plus tips for reconnecting after ...
CSO Online

OpenAI patches twin leaks as Codex slips and ChatGPT spills

Command injection in Codex and a hidden outbound channel in ChatGPT exposed risks of credential theft and covert data ...
Cybernews

Critical compromise: Axios NPM library with 100M weekly downloads is delivering malware

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...
Techzine Europe

Axios npm package compromised, posing a new supply chain threat

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...
AZ Central

ClawHavoc Malware Found in 539 OpenClaw Skills, ClawSecure Reports

Audit identifies credential harvesting, C2 callbacks, and data exfiltration patterns across 18.7% of the most popular OpenClaw agent skills, ClawSecure reports ClawSecure’s audit found ClawHavoc ...
Reuters

NY court rejects Shell bid to overturn arbitration ruling that favored Venture Global

HOUSTON/NEW YORK/LONDON, March 2 (Reuters) - A New York state judge on Monday rejected British oil major Shell's (SHEL.L), opens new tab request to throw out an arbitration award that favored Venture ...