CoinTelegraph

Supply chain attack hits Axios npm releases, users urged to rotate keys

Security companies flagged axios@1.14.1 and 0.30.4 as compromised, urging credential rotation and rollback of affected packages. Update March 31, 2026, 1:28 pm UTC: This article has been updated to ...

OpenAI rotates macOS certs after Axios attack hit code-signing workflow

OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious ...
Dark Reading

Axios NPM Package Compromised in Precision Attack

The Axios JavaScript NPM package was recently compromised, representing one of the highest impact supply chain attacks against the open source development ecosystem in recent months. Axios is the most ...
Yahoo

Axios reveals details of how US and Iran agreed on ceasefire

Add Yahoo as a preferred source to see more of our stories on Google. Axios has learnt that the United States and Iran have agreed on the parameters of a two-week ceasefire through intermediaries ...
Dark Reading

Axios Attack Shows How Complex Social Engineering Is Industrialized

The Axios attack has highlighted the sophistication, scalability, and industrialization of social engineering attacks. Late last month, the NPM package of Axios, an extremely popular JavaScript HTTP ...
Bleeping Computer

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. One malicious ...
The Hindu

The Axios Hack: How a single compromised account put millions of developers at risk

If you’ve ever built a website, run a startup, or shipped software of any kind in the last decade, there’s a good chance you’ve used axios. It’s one of those software tools that powers enormous chunks ...
Gulf News

Techie Tonic: Two CISOs warn Axios breach changes supply chain trust model

In the wake of a critical supply chain attack targeting the widely used Axios JavaScript library, like leading analyst from NST Cyber pointed out, Many CXOs community chief information security ...
CSOonline

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem. Attackers ...
SiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute malware via a compromised account. Attackers exploited a hijacked account on npm ...
The Star

Axios software tool used by millions compromised in hack

An unknown hacker was able to breach one of the few accounts that can release new versions of Axios late Monday and published malicious versions of it. — Pixabay Axios, a tool widely used to develop ...