Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 31, 2026, two malicious versions of axios were published to npm, , using credentials stolen from a lead axios maintainer. The attacker injected a hidden dependency into both releases that drops a remote access trojan (RAT) on any machine that ran npm install during the exposure window. No CVE identifier has been assigned at the time of writing. The malicious dependency executes automatically at install time via a postinstall hook, without any action by the developer.

For years, the conversation around digital transformation in Southeast Asia focused on “getting to the cloud.” Today, that conversation has shifted. Our region is no longer just adopting the cloud; we are leapfrogging traditional development cycles by integrating AI and cloud-native architectures at a staggering pace. However, this acceleration has created a byproduct that many organizations are struggling to contain.

We're proud to introduce Programmable Flow Protection: a system designed to let Magic Transit customers implement their own custom DDoS mitigation logic and deploy it across Cloudflare’s global network. This enables precise, stateful mitigation for custom and proprietary protocols built on UDP. It is engineered to provide the highest possible level of customization and flexibility to mitigate DDoS attacks of any scale.

When people talk about AI security risks, the conversation usually starts with the model. Can it be jailbroken? Can someone get around the guardrails? Can an attacker make it say or do something it should not? Those are fair questions, but they are not the most important ones. The bigger risk is not the model on its own: it’s everything the model is connected to.

The latest European Commission guidance on the Cyber Resilience Act sends a clear message to manufacturers of connected products: cybersecurity must be designed in from the start, maintained throughout the product lifecycle, and supported by demonstrable processes for risk management, vulnerability handling and ongoing support. For organizations building, deploying and managing connected devices, this is a significant shift. The CRA is not simply another compliance exercise.

At 1Password, our mission is simple: to protect people’s most critical information, their credentials. At the time of writing this post, I personally have 291 items in my vault, so the long-term confidentiality of this data is critical to myself and every 1Password user. We are thrilled to announce the first major milestone in our post-quantum cryptography (PQC) journey, the successful deployment of PQC on 1Password’s web application.

Most organizations can tell you which apps sit behind SSO. Far fewer can tell you what other apps teams are using, or who has access to the credentials.

I am no stranger to conferences, and certainly no stranger to security conferences. Over the years, BlackHat and DEFCON have both become staples of my calendar. But this year brought a new one to the list: RSA, and it truly lived up to the hype. The show floor was full of bright lights, fancy booths, and yes, tattoos, if you knew where to find them.

Amazon S3 is reliable cloud storage provided by Amazon Web Services (AWS). Files are stored as objects in Amazon S3 buckets. This storage is widely used to store data backups due to the high reliability of Amazon S3. Unlike Amazon Elastic Block Storage (EBS), where redundant data is stored in one availability zone, in Amazon S3, redundant data is distributed across multiple availability zones.

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo When we started building Torq four years ago, we had a thesis: the SOC was broken, and automation — real automation, not another tool bolted onto the stack — was the way to fix it. AI has since changed the game entirely. But has it streamlined the SOC, or introduced new complexity? We wanted to find out.