Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...

A sophisticated social engineering attack, disguised as a Microsoft Teams meeting, tricked the Axios lead maintainer into ...

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Overview On March 31, NSFOCUS CERT detected that the npm repository of the HTTP client library Axios was poisoned by the supply chain. The attacker bypassed the normal GitHub Actions CI/CD pipeline of ...

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through ...

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden ...

Abstract: Software repositories such as PyPI and npm are vital for software development but expose users to serious security risks from malicious packages. The malicious packages often execute their ...

Researchers at Endor Labs uncovered 88 new packages tied to new waves of the campaign, which uses remote dynamic dependencies to deliver credential-stealing malware. Last year’s “PhantomRaven” ...

Threat actors were spotted weaponizing the n8n automation ecosystem this week, slipping malicious npm packages into its marketplace of community-maintained nodes. The deceptive packages, disguised as ...