Platforms like Polymarket have made it popular for users to trade on outcomes related to politics, crypto, sports, and global ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software packages, to distribute a cross-platform, ...

The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...

The campaign is stealing credentials from unpatched servers at scale, due to “neglect and efficiency,” says analyst, and the ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...

Hackers infiltrated Axios maintainers using fake Slack channels and Teams calls, then published infected packages.

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.

The ingenious engine of web dev simplicity goes all-in with the Fetch API, native streaming, Idiomorph DOM merging, and more.

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.