Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware ...

In-house software built in March with open-source components may include malware placed there by criminals. This isn’t a ...

2026年3月31日，两个恶意版本的流行JavaScript HTTP库Axios被短暂发布到npm仓库。这两个版本均包含隐藏依赖项，可在macOS、Windows和Linux系统上安装远程访问木马（RAT）。此次攻击并未利用Axios代码本身的漏洞 ...

The most widely used JavaScript HTTP library on the internet — embedded in millions of production applications, relied on by ...

Spread the loveIn a significant security incident that has sent shockwaves through the developer community, a North Korean state-sponsored hacking group has successfully compromised the popular Axios ...

The No. 3 Michigan Wolverines take on the No. 7 UConn Huskies in the NCAA Tournament National Championship. The teams play ...

LinkedIn runs a hidden JavaScript script called Spectroscopy that silently probes over 6,000 Chrome extensions and collects ...

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...