Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, impacting multiple OS.

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...

Security researchers at BeyondTrust Phantom Labs discovered a critical flaw in OpenAI's Codex coding agent that allowed an ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

A hacker inserted malware in Axios, an open source web tool downloaded tens of millions of times weekly, in a widespread hack ...

Anthropic has accidentally exposed Claude Code's full 512,000-line TypeScript source via an npm source map, revealing ...

The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will ...

Suspected North Korean hackers are believed to be behind an ongoing compromise of the widely used open-source package Axios, ...

Meta adds two new Ray-Ban frames meant to make them more prescription-lens friendly, and Samsung’s new app plays ultra-low frequencies into most earbuds to help reduce motion sickness. Starring ...

Axios, a widely used JavaScript HTTP client, was briefly distributed through npm in two malicious versions after a maintainer account was taken over. Security r ...

Anthropic is scrambling to contain the leak, but the AI coding agent is spreading far and wide and being picked apart.