On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Anthropic accidentally leaked key details of its AI tool Claude Code.

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Gnata, “a pure-Go implementation of JSONata 2.x”, was built in just seven hours, $400 in tokens and a 1,000x speedup on common expressions.

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

A leaked hacking tool called DarkSword could expose older iPhones and iPads to attacks through malicious links and ...