Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
8d
In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should take now
Gartner issued a same-day advisory after Anthropic leaked Claude Code's full architecture. CrowdStrike CTO Elia Zaitsev and ...
The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through ...
Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...
Axios, a widely used JavaScript HTTP client, was briefly distributed through npm in two malicious versions after a maintainer ...
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...
A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results