North Korean hackers used an updated version of a known backdoor to target a popular npm package.

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

The launch of Moltbook, a social network for AI agents, will go down as the most intriguing mass agentic AI experiment we’ve ...

Clinical trial data reviewed by NICE shows that semaglutide reduced the risk of serious cardiovascular events, including ...

This is GlassWorm: a software supply chain attack that security researchers are calling one of the most sophisticated and ...

Anthropic's Claude Code source has leaked via a packaging error, exposing anti-distillation traps, an undercover mode, and ...

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North ...

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...