In early April 2025, security researchers confirmed that North Korean state-sponsored hackers had successfully compromised the Axios HTTP library. It is one ...
A sophisticated social engineering attack, disguised as a Microsoft Teams meeting, tricked the Axios lead maintainer into ...
UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...
Morning Overview on MSN
Suspected North Korean hackers compromise widely used US software
Suspected North Korean hackers have compromised Axios, one of the most widely used JavaScript libraries in American software ...
The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...
Would you like a closer look at Claude? Someone at Anthropic has some explaining to do, as the official npm package for Claude Code shipped with a map file exposing what appears to be the popular AI ...
Thanks to the Prism Linux installer, I curated exactly the software I wanted and achieved the dream of out-of-the-box ...
A new malicious npm campaign using fake installation logs to hide malware activity has been identified by security researchers. The attacks, discovered by ReversingLabs, involve malicious packages ...
New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. The campaign ...
A new security bypass has users installing AI agent OpenClaw — whether they intended to or not. Researchers have discovered that a compromised npm publish token pushed an update for the widely-used ...
In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results