A threat actor has used 36 malicious NPM packages posing as Strapi plugins to distribute malware targeting Redis, Docker, and ...
Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...
Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, impacting multiple OS.
Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...
Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...
A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access trojan to potentially millions of developer environments during a three-hour ...
Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...
A securities fraud class action has been filed against NuScale executives alleging misrepresentations about ENTRA1 leading to a 12.4% stock plunge.NEW ...
An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...
14d
In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should take now
Gartner issued a same-day advisory after Anthropic leaked Claude Code's full architecture. CrowdStrike CTO Elia Zaitsev and Enkrypt AI CSO Merritt Baer weigh in on agent permissions and derived IP ...
Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. These 3,000+ packages make it ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results