Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

static void _set_ip_port(struct sockaddr_storage *p_addr, IPAddress *r_ip, uint16_t *r_port); static size_t _set_addr_storage(struct sockaddr_storage *p_addr, const ...

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

A patch to finally unlock the best VCD player the SEGA Dreamcast ever saw! - DerekPascarella/DreamMovie-UNLOCKED ...

谷歌威胁情报团队将近期Axios npm软件包供应链攻击事件归因于代号UNC1069的朝鲜黑客组织。该攻击以经济利益为目标，通过污染Axios软件包来针对依赖该库的开发者与组织。 谷歌威胁情报分析师John ...