Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware ...

The North Korean threat actor behind the Axios supply chain attack has been targeting high-profile Node.js maintainers.

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Spread the loveIn a significant revelation in the landscape of cybersecurity, Google has attributed a recent supply chain ...

The poisoned versions, "axios@1.14.1" and "axios@0.30.4," made it onto the npm registry before being yanked, though not before some unlucky devs and CI pipelines pulled them in. Rather than tampering ...

Axios, a hugely popular JavaScript library with 100 million weekly downloads, has been hit by a critical supply chain attack. In a recurring open-source security crisis, developers unknowingly pulled ...

A new browser for the npm registry has launched in alpha, following grassroots demand for an alternative to the official npmjs.com interface. The open source project was started by Daniel Roe, who ...

The Dune-inspired Shai Hulud has returned in a weaponized upgrade, unleashing an automated supply chain worm that's infected over 25,000 npm repositories, tied to hundreds of maintainers. See Also: ...