On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Overview On March 31, NSFOCUS CERT detected that the npm repository of the HTTP client library Axios was poisoned by the supply chain. The attacker bypassed the normal GitHub Actions CI/CD pipeline of ...

A hacker took over an account belonging to the lead maintainer of the JavaScript library, Axios, which is used to handle HTTP requests, as reported by Cybernews. Security researchers found that ...

Axios functions as pre-built software that a developer can easily incorporate into a JavaScript project. However, a hacker ...

Javascript is required for you to be able to read premium content. Please enable it in your browser settings.

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through ...

Hackers target GitHub developers with fake VS Code alerts and CVEs, using malicious links to steal data and deliver malware.

Fake CAPTCHA pages can install the StealC infostealer. Don't paste or run commands; disconnect and change passwords.

As a new hacking exploit kit affecting millions of iPhones becomes public, the U.S. Cybersecurity and Infrastructure Security ...

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor ...

Security researchers have discovered DarkSword, a sophisticated exploit chain targeting iOS 18.4 through 18.7.2. Unlike past spyware aimed at high-profile targets, DarkSword is being surreptitiously ...