Axios, a widely used JavaScript HTTP client, was briefly distributed through npm in two malicious versions after a maintainer ...
Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...
North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.
Google patches 21 Chrome vulnerabilities, including an actively exploited zero-day flaw that could enable code execution and ...
Security firm Socket advised developers to check dependencies for affected Axios versions and remove or roll back compromised ...
Israel and the US say Lebanon is not included in a two-week ceasefire deal with Iran. PM Benjamin Netanyahu says Israel ...
Hackers linked to North Korea are suspected of an ambitious attack on an inconspicuous but widely used software package, ...
With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
In 2025, Google fixed a total of eight zero-days exploited in the wild, many of which were discovered and reported by ...
Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...
A supply chain compromise involving the widely used JavaScript package Axios is now being tied to a North Korea-linked threat actor, turning what already looked like a serious open-source incident ...
Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results