Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North ...

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...

Having another security threat emanating from Node.js’ Node Package Manager (NPM) feels like a weekly event at this point, but this newly discovered one is among the more refined. It exploits not only ...

Axios functions as pre-built software that a developer can easily incorporate into a JavaScript project. However, a hacker ...

A threat actor has used 36 malicious NPM packages posing as Strapi plugins to distribute malware targeting Redis, Docker, and ...

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.