Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems ...

A threat actor has used 36 malicious NPM packages posing as Strapi plugins to distribute malware targeting Redis, Docker, and ...

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

Hackers infiltrated Axios maintainers using fake Slack channels and Teams calls, then published infected packages.

Vercel has confirmed a data breach affecting its internal systems and attributed it to employee's Google Workspace account ...

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...

A supply chain compromise involving the widely used JavaScript package Axios is now being tied to a North Korea-linked threat actor, turning what already looked like a serious open-source incident ...

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...

A major JavaScript security scare unfolded after malicious versions of a widely used package were briefly published to npm ...

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks.