Yahoo

Axios reveals details of how US and Iran agreed on ceasefire

Add Yahoo as a preferred source to see more of our stories on Google. Axios has learnt that the United States and Iran have agreed on the parameters of a two-week ceasefire through intermediaries ...
Dark Reading

Axios Attack Shows How Complex Social Engineering Is Industrialized

The Axios attack has highlighted the sophistication, scalability, and industrialization of social engineering attacks. Late last month, the NPM package of Axios, an extremely popular JavaScript HTTP ...
The New York Times

This Is What Will Ruin Public Opinion Polling for Good

Dr. Weatherby is the director of the Digital Theory Lab at New York University. Dr. Recht is a professor of electrical engineering and computer sciences at the University of California, Berkeley. See ...
PC Magazine

Axios Hack Traced to AI Deepfake Trap

This week’s hack of Axios, a widely used software package, has been traced to an elaborate AI deepfake from suspected North Korean hackers that was convincing enough to trick a developer into ...
VentureBeat

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
HHS

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack affecting Axios, the popular JavaScript library, traced back to DPRK threat activity. (Image: Shutterstock) A supply-chain attack that compromised versions of Axios to distribute ...
CNN

North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt

Suspected North Korean hackers have bugged a software package that has been used by thousands of US companies in a major supply-chain attack that could take months to recover from, security experts ...
Infosecurity-magazine.com

Hackers Hijack Axios npm Package to Spread RATs

Threat actors have targeted an open source maintainer to hijack one of the most popular npm packages and spread remote access Trojans (RATs). Axios is a JavaScript library downloaded over 100 million ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, two new npm packages for updated versions of Axios, a popular HTTP client for JavaScript that simplifies making HTTP requests to a REST endpoint with over 70 million weekly ...
TechCrunch

North Korean hackers blamed for hijacking popular Axios open source project to spread malware

A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised. On ...
SiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute malware via a compromised account. Attackers exploited a hijacked account on npm ...
Hosted on MSN

Supply chain attack hits Axios npm releases, users urged to rotate keys

Update March 31, 2026, 1:28 pm UTC: This article has been updated to add comments from Abdelfattah Ibrahim, senior offensive security engineer at Hacken. Two malicious Axios npm releases have prompted ...