In a shocking security breach, a bag containing firearms was left outside the home of Sadiq Khan, the Mayor of London, on the evening of April 4, 2026. The incident, which occurred around 9:40 PM, has prompted immediate action from the Metropolitan Police, resulting in the suspension of five officers from frontline duties.

The bag, discovered by a member of the public named Jordan Griffiths, contained a Heckler & Koch submachine gun, a Glock pistol, a Taser, and ammunition. Griffiths reported the find to the police after his girlfriend initially noticed the heavy bag, which he thought might contain coins.

Upon opening the bag, Griffiths was taken aback to find a handgun in the front pocket and a submachine gun in the main compartment. “I could not believe my eyes,” he stated, adding that the police were equally shocked upon their arrival. They were informed that the bag had been left by one of Khan’s security officers.

This incident raises significant concerns about the safety protocols in place for Khan, who receives 24-hour armed protection due to ongoing threats against his safety. Currently, there are 15 armed officers assigned to his protection team, underscoring the seriousness of the situation.

The Metropolitan Police’s Directorate of Professional Standards is now reviewing the incident, which has been described as very serious by a spokesperson for Sadiq Khan. The swift response from the police, who arrived within seven minutes of the call, highlights the urgency with which such security breaches are treated.

As the investigation unfolds, the implications of this incident could have far-reaching effects on the protocols surrounding the protection of public officials. The fact that firearms were left unattended raises questions about the training and oversight of security personnel assigned to high-profile figures.

Details remain unconfirmed regarding the exact circumstances that led to the bag being left outside Khan’s residence, but the incident has already sparked discussions about the adequacy of security measures in place for public officials in London.

With the ongoing scrutiny of police conduct and public safety, this incident serves as a stark reminder of the challenges faced by those tasked with protecting elected officials in an increasingly complex security landscape.

The post Sadiq Khan’s Security Breach: Guns Left Outside His Home appeared first on casinoca.

On March 31, 2026, a serious security incident unfolded when the npm account of an axios maintainer was compromised. This breach allowed the attacker to publish two malicious versions of the popular JavaScript library: v1.14.1 and v0.30.4. These versions were live for approximately three hours before being removed from the npm registry, but not before they had a significant impact on the software ecosystem.

The malicious versions of axios included a dependency on a trojanized package named plain-crypto-js, which was designed to execute harmful payloads. The attack was particularly concerning as axios is a widely used library, facilitating HTTP/S requests across millions of applications. With approximately 100 million downloads per week, the potential for widespread damage was immense.

According to reports, the malicious package functioned as a dropper, downloading and executing platform-specific payloads that acted as lightweight remote access trojans (RATs). The attack’s reach was extensive, impacting about 80% of cloud and code environments that utilize axios. Initial estimates suggest that around 3% of these environments observed execution of the malicious versions, raising alarms among developers and organizations alike.

In the aftermath of the breach, organizations were strongly advised to audit their environments for any potential execution of the compromised versions. The attacker’s strategy included the use of a pre-staged decoy package to lend an air of legitimacy to the malicious versions, complicating detection efforts. This tactic underscores the sophistication of the attack and the need for heightened vigilance in software supply chains.

Experts have noted that the implications of this breach could extend beyond immediate damage. “The attacker may have obtained repo access, signing keys, API keys, or other secrets that can be used to backdoor future releases or attack your backend and users,” warned a cybersecurity analyst. This highlights the potential for long-term vulnerabilities stemming from the incident.

Furthermore, the malicious versions were designed to appear clean, with any post-infection inspection of the node_modules/plain-crypto-js/package.json showing a completely clean manifest. This deceptive practice poses a significant challenge for developers attempting to secure their applications in the wake of the breach.

The axios incident serves as a stark reminder of the vulnerabilities inherent in widely used libraries and the importance of robust security measures in software development. As organizations scramble to assess the damage and secure their environments, the broader tech community is left to ponder the implications of such breaches on trust and security in the software supply chain.

The post Axios: Massive Security Breach: Maintainer Account Compromised appeared first on casinoca.