Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, impacting multiple OS.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...

Overview On March 31, NSFOCUS CERT detected that the npm repository of the HTTP client library Axios was poisoned by the supply chain. The attacker bypassed the normal GitHub Actions CI/CD pipeline of ...

In this post, we will show you how to exclude programs, files, and folders from scanning in McAfee, Kaspersky, Norton Avast, AVG, Bitdefender, Malwarebytes, etc. antivirus scans in Windows 11/10. When ...

Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. While Anthropic pledges support to the ...

A widely used JavaScript package used with over a hundred million weekly downloads has been compromised in a new supply chain attack to fetch a malware payload for Windows, Linux systems and macOS ...

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...

A sophisticated social engineering attack, disguised as a Microsoft Teams meeting, tricked the Axios lead maintainer into ...

Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...