Hackers infiltrated Axios maintainers using fake Slack channels and Teams calls, then published infected packages.

A major JavaScript security scare unfolded after malicious versions of a widely used package were briefly published to npm ...

A threat actor has used 36 malicious NPM packages posing as Strapi plugins to distribute malware targeting Redis, Docker, and ...

Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...

The North Korean threat actor behind the Axios supply chain attack has been targeting high-profile Node.js maintainers.

Hackers are exploiting Anthropic's accidental Claude Code source leak to distribute Vidar and GhostSocks malware through fake ...

Spread the loveIn a significant security incident that has sent shockwaves through the developer community, a North Korean state-sponsored hacking group has successfully compromised the popular Axios ...

Forty-five million weekly downloads. One compromised maintainer. Three hours of exposure before anyone noticed.

As enterprises rely more heavily on AI technologies and services, attackers’ living-off-the-land techniques have evolved to ...

Phishing surge, LinkedIn tracking claims, spyware use, and rising stealers expose growing abuse of trusted systems.

M stolen after six-month DPRK social engineering campaign began fall 2025, exposing Drift’s contributors and cloud assets.