North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...

The company Wasmer, which is behind the WebAssembly runtime of the same name, has released Edge.js. The open-source JavaScript runtime specializes in securely executing Node.js workloads in ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through ...

Suspected North Korean hackers have compromised Axios, one of the most widely used JavaScript libraries in American software development, by hijacking a maintainer’s npm account and publishing tainted ...

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.