Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. One malicious ...
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...
Ethereum and Solana developers were targeted by five malicious npm packages that steal private keys and send them to the attacker. The packages rely on typosquatting, mimicking legitimate crypto ...
Tom's Hardware on MSN
One of JavaScript's most popular libraries compromised by hackers
An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions of the widely used JavaScript HTTP client library.
Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...
A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, worm-like malware across dozens of packages, security firms say. Named CanisterWorm ...
Active exploits, nation-state campaigns, fresh arrests, and critical CVEs — this week's cybersecurity recap has it all.
Spread the loveIn a significant revelation in the landscape of cybersecurity, Google has attributed a recent supply chain ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results