The Axios npm Supply Chain Attack: A Complete Technical Analysis of the Maintainer Hijack, Cross-Platform RAT, and Enterprise Impact

On March 31, an attacker hijacked the npm account of Axios’s primary maintainer and published two malicious versions of the most popular HTTP client library in the JavaScript ecosystem. The backdoored packages—axios@1.14.1 and axios@0.30.4—injected a trojanized dependency that delivered cross-platform remote access trojans to macOS, Windows, and Linux machines within seconds of installation.

Five Supply Chain Attacks in Twelve Days: How March 2026 Broke Open-Source Trust and What Comes Next

Between March 19 and March 31, five major open-source projects were compromised in rapid succession: Aqua Security’s Trivy vulnerability scanner, Checkmarx’s AST GitHub Actions, the LiteLLM AI proxy on PyPI, the Telnyx communications library, and Axios—the most downloaded HTTP client in the npm registry. Collectively, these projects serve hundreds of millions of installations across virtually every enterprise software environment on earth.

Stryker Cyberattack: The Enterprise Security Gaps That Just Exposed a Global Healthcare Giant?

A $25 billion Fortune 500 medical device company, Stryker, was targeted by an Iran-linked hacker group that claimed to have wiped over 200,000 servers, mobile devices, and other systems, forcing the company to shut down offices in 79 countries. The medical technology industry has been hit hard by this huge problem. It's a stark warning that even the largest names in the business world can be hit by clever wiper malware.

Top Security Testing Companies to Fortify Your Defenses in 2026

The question today is no longer if you face a cyberattack, but when. As technology evolves, so do the threats that seek to exploit it. Data privacy laws are more stringent, breaches are more complex, and the financial and reputational consequences of a security disaster are greater than ever before. A reactive security posture is a formula for catastrophe for companies looking to innovate and expand. Resilient digital defences are based on thorough, proactive, and expert-led security testing.

What is Exposure Management? Explained for Vulnerability Management Teams

If you're a vulnerability management professional or have experience leading teams that do vulnerability management, you know CVEs inside and out. You've got your scanning tools configured, your patch cycles running, and your CVSS score thresholds set. But lately, something probably feels off. Maybe it's the fact that breaches keep happening despite all the patching. Maybe it's that your CVE count keeps growing faster than you can remediate. Or maybe you're just tired of explaining why that "critical" vulnerability in a disconnected test server isn't actually critical.

A Cyberattack Won't Start With a Warning. It Starts With Your Files.

October marks Cybersecurity Awareness Month. It’s a timely reminder that the files you touch, share, and rely on every day often hold your most valuable data and are exactly what attackers are after. Unstructured data, like spreadsheets, documents, logs, and backups, makes up the majority of your business data. That’s what makes it the prime target for ransomware.

Key Extraction By Uprobe Attachment On OpenSSL For SSL Inspection

Man-in-the-middle attacks are elegantly mitigated in TLS, with TLS 1.3 introducing more robust encryption protocols and a streamlined handshake process that significantly reduces the vulnerability to these types of attacks. By employing stricter encryption standards and eliminating outdated cipher suites, TLS 1.3 enhances security measures to effectively counter potential interception and unauthorised data decryption.

Protect APIs Against Injection Attacks with Content Inspection

APIs facilitate effortless communication and data exchange between applications and services. However, their inherent design, which codifies service capabilities within the API definition, makes them easily exploitable by malicious actors. API attacks in the US alone are projected to cost $506 billion this decade — and are expected to surge 996% by 2030. And API-related breaches lead to more leaked data than the average security breach, according to Gartner.

How DreamFactory Prevents SQL Injection Attacks

A SQL injection attack is an attempt to modify the syntax of a SQL query executed in conjunction with a user-initiated action within a software application. Some examples of user-initiated actions include searching for a product within an e-commerce catalog, adding a comment to a blog post, and creating a new user account. In each of these scenarios, the user uses a form to submit input (e.g.

Web Security Attacks You Must Know - Part 1

As developers, we know the pitfalls of the internet – the gateways that malicious actors can exploit to steal private data, siphon money and generally wreak havoc. But if we’re going to build watertight applications, it’s essential that we keep updating our knowledge base and prepare for every possible assault. In this post, we’re going to discuss five particularly common forms of attack.