The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...
GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Supply chain attack hits Axios npm releases, users urged to rotate keys

Two malicious Axios npm releases have prompted warnings for developers to rotate credentials and treat affected systems as ...
CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
Cryptopolitan on MSN

Axios supply chain attack raises risk to crypto wallets

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

ThreatDown Uncovers First Cyber Attack Abusing Deno JavaScript Runtime for Fileless Malware Delivery

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...
Dark Reading

Axios NPM Package Compromised in Precision Attack

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North ...
Bleeping Computer

Latest In-Browser Attack news

Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to ...
MarketWatch

ThreatDown Uncovers First Cyber Attack Abusing Deno JavaScript Runtime for Fileless Malware Delivery

The MarketWatch News Department was not involved in the creation of this content. -- ThreatDown's EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the ...