The Axios JavaScript NPM package was recently compromised, representing one of the highest impact supply chain attacks against the open source development ecosystem in recent months. Axios is the most ...

A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised. On ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. One malicious ...

A breach Tuesday of the widely used Axios software library is the latest in a string of incidents exposing risks in the systems that underpin how modern software is built. Developers use Axios to ...

Update March 31, 2026, 1:28 pm UTC: This article has been updated to add comments from Abdelfattah Ibrahim, senior offensive security engineer at Hacken. Two malicious Axios npm releases have prompted ...

In a major supply-chain attack that could take months to recover from, suspected North Korean hackers compromised a software package used by thousands of US companies, CNN reported on Tuesday.

A supply-chain attack affecting Axios, the popular JavaScript library, traced back to DPRK threat activity. (Image: Shutterstock) A supply-chain attack that compromised versions of Axios to distribute ...

According to IRNA, Iran is demanding a complete end to the fighting in the region, along with a protocol to ensure safe passage through the Strait of Hormuz. Iran has rejected the proposal for a ...

A widely used JavaScript package used with over a hundred million weekly downloads has been compromised in a new supply chain attack to fetch a malware payload for Windows, Linux systems and macOS ...

The attack, designed to cover the hacker’s tracks, was one of the 'most operationally sophisticated supply chain attacks' ever documented against a large NPM, according to the StepSecurity analysis. — ...