Just two weeks after a massive supply chain compromise, Axios, a widely used JavaScript library for making web requests, is experiencing another critical threat. It contains a bug that allows ...

Add Yahoo as a preferred source to see more of our stories on Google. Axios has learnt that the United States and Iran have agreed on the parameters of a two-week ceasefire through intermediaries ...

A North Korean cyberattack that last Monday briefly hijacked one of the most widely used open source projects on the web took weeks to carry out as part of a long-running campaign to target the code’s ...

Follow our live coverage here. WASHINGTON - The US, Iran and a group of regional mediators are discussing the terms for a potential 45-day ceasefire that could lead to a permanent end to the war, ...

The Axios attack has highlighted the sophistication, scalability, and industrialization of social engineering attacks. Late last month, the NPM package of Axios, an extremely popular JavaScript HTTP ...

Hackers from North Korea have bugged software used by thousands of companies across the United States in an attempt to use stolen cryptocurrency to fund the country's nuclear and missile programs. So ...

This week’s hack of Axios, a widely used software package, has been traced to an elaborate AI deepfake from suspected North Korean hackers that was convincing enough to trick a developer into ...

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors ...

Threat actors have targeted an open source maintainer to hijack one of the most popular npm packages and spread remote access Trojans (RATs). Axios is a JavaScript library downloaded over 100 million ...

On March 31, 2026, two new npm packages for updated versions of Axios, a popular HTTP client for JavaScript that simplifies making HTTP requests to a REST endpoint with over 70 million weekly ...

A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions. Malicious versions of the highly popular Axios NPM ...