A supply chain compromise involving the widely used JavaScript package Axios is now being tied to a North Korea-linked threat ...

It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...

According to Google researchers, a North Korean group tracked as UNC1069 has previously targeted cryptocurrency and ...

'This is unironically a malware nuclear missile.' ...

Spread the loveIn a worrying development for the cybersecurity landscape, North Korean hackers have successfully infiltrated the widely-used Axios NPM package, introducing backdoored versions of the ...

Axios is published and maintained on npm, the default package registry for JavaScript and Node.js projects. It is used to ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will ...

Axios, a widely used JavaScript HTTP client, was briefly distributed through npm in two malicious versions after a maintainer account was taken over. Security r ...

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...