Dive into the latest news and insights about Security, one article at a time.
The Bangko Sentral ng Pilipinas (BSP) has ordered all banks and financial institutions to phase out SMS-based one-time passwords by June 30, 2026, under the Anti-Financial Account Scamming Act (AFASA). For developers building fintech, e-commerce, or any app with Philippine bank integrations, this means rethinking authentication flows and adopting biometrics, push notifications, behavioral analytics, or silent network authentication.
In late March 2026, attackers compromised the npm account of a maintainer of Axios—the JavaScript HTTP client downloaded tens of millions of times per week—and published malicious package versions that pulled in a trojan dependency. The incident is a textbook supply-chain attack on open-source infrastructure, with lessons for lockfiles, CI security, and how we trust third-party code.
A user's entire D: drive was accidentally deleted by Google's Antigravity AI agent during a routine cache clearing operation. This catastrophic failure highlights critical issues with AI agent safety, command interpretation, and the need for better safeguards in autonomous AI systems. Learn what went wrong, why it matters, and how developers can protect themselves.
A critical security vulnerability (CVE-2025-55182) has been discovered in React Server Components that allows unauthenticated remote code execution. Rated CVSS 10.0, this vulnerability affects React versions 19.0, 19.1.0, 19.1.1, and 19.2.0. Immediate action is required to upgrade to patched versions. This comprehensive guide covers everything developers need to know about the vulnerability, affected frameworks, and how to secure their applications.
OpenAI has confirmed a significant data breach affecting user accounts, with names, email addresses, and analytics data exposed through a security incident at analytics provider Mixpanel. While no chat conversations or sensitive credentials were compromised, the breach highlights critical security concerns in the AI industry.
Ensuring the security of web applications is critical in today’s digital landscape. Developers must adopt best practices to protect their applications from vulnerabilities and attacks.
