A sophisticated social engineering attack, disguised as a Microsoft Teams meeting, tricked the Axios lead maintainer into ...

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...

Suspected North Korean hackers have compromised Axios, one of the most widely used JavaScript libraries in American software development, by hijacking a maintainer’s npm account and publishing tainted ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s ...

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...

New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. The campaign ...

A new security bypass has users installing AI agent OpenClaw — whether they intended to or not. Researchers have discovered that a compromised npm publish token pushed an update for the widely-used ...

To get the Nico's Yarncaster Rod in Fisch, players must solve a few riddles from the Crazy Cat Lady. Nico's Yarncaster Rod has decent stats, and it gives Skrunkly mutation. The rod also lets players ...