Microsoft has explained how to download and install the latest version of TypeScript that promises 10 times better ...

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL ...

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...

A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions. Malicious versions of the highly popular Axios NPM ...

On March 31, 2026, two new npm packages for updated versions of Axios, a popular HTTP client for JavaScript that simplifies making HTTP requests to a REST endpoint with over 70 million weekly ...

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked maintainer account is behind the attack. The compromised versions silently ...

The Axios JavaScript NPM package was recently compromised, representing one of the highest impact supply chain attacks against the open source development ecosystem in recent months. Axios is the most ...

Axios, a hugely popular JavaScript library with 100 million weekly downloads, has been hit by a critical supply chain attack. In a recurring open-source security crisis, developers unknowingly pulled ...

Cybersecurity researchers have uncovered three malicious Bitcoin npm packages designed to install malware called NodeCordRAT. NodeCordRAT is equipped to steal Google Chrome credentials, API tokens ...

North Korea's 'Contagious Interview' campaign to target job seekers has expanded yet again, this time with a persistent npm package-poisoning game that runs like a well-oiled machine. Threat actors ...