Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised. On ...
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. The company said that on ...
A recently discovered Remote Access Trojan in the widely used Axios library puts millions of JavaScript developers at risk.
Security companies flagged axios@1.14.1 and 0.30.4 as compromised, urging credential rotation and rollback of affected packages. Update March 31, 2026, 1:28 pm UTC: This article has been updated to ...
With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem. Attackers ...
Critical digital infrastructure is increasingly maintained by under‑resourced individuals, yet exploits have economic and national security consequences — even for Apple. The recent supply-chain ...
It's been about a week since suspected hackers out of North Korea temporarily compromised axios, one of the world's most popular JavaScript HTTP client libraries. Now, more details are emerging about ...
The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). 1 ...
The Axios JavaScript NPM package was recently compromised, representing one of the highest impact supply chain attacks against the open source development ecosystem in recent months. Axios is the most ...
Threat actors have targeted an open source maintainer to hijack one of the most popular npm packages and spread remote access Trojans (RATs). Axios is a JavaScript library downloaded over 100 million ...