Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Android's controversial sideloading changes pushed me to build my own app installer

Android’s upcoming sideloading restrictions inspired me to build a terminal app that streamlines installing APKs and app ...
Security Boulevard

Which Came First: The System Prompt, or the RCE?

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...
Security Boulevard

That “job brief” on Google Forms could infect your device

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain. The attack typically begins when a victim downloads a business-themed ZIP ...