On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s ...

'This is unironically a malware nuclear missile.' ...

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...

According to Google researchers, a North Korean group tracked as UNC1069 has previously targeted cryptocurrency and ...

Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no ...

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...