Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, two new npm packages for updated versions of Axios, a popular HTTP client for JavaScript that simplifies making HTTP requests to a REST endpoint with over 70 million weekly ...
PC Magazine

Hacker Tries to Spread Malware to Millions by Hitting 'Axios NPM' Software

A hacker has compromised a little-known, but popular 2.4MB software package that's downloaded over 100 million times per week and is widely used across apps. The IT security community is sounding the ...
The Hacker News

SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities ...
Computer Weekly

Researchers delve inside new SolarWinds RCE attack chain

Researchers at Huntress Security have published data on the exploitation of a critical SolarWinds Web Help Desk (WHD) vulnerability, revealing how in at least three known incidents, attackers ...
Redmond Magazine

Microsoft Warns of Active SolarWinds Web Help Desk Exploitation

Microsoft observed active exploitation of internet-exposed SolarWinds Web Help Desk vulnerabilities enabling lateral movement. Attackers abused legitimate tools, PowerShell, and RMM software to ...
InfoWorld

Beyond NPM: What you need to know about JSR

NPM, the Node Package Manager, hosts millions of packages and serves billions of downloads annually. It has served well over the years but has its shortcomings, including with TypeScript build ...
Infosecurity-magazine.com

SolarWinds Web Help Desk Vulnerability Actively Exploited

A US security agency has warned SolarWinds Web Help Desk users that a remote code execution (RCE) vulnerability patched by the vendor last week is being actively exploited. The US Cybersecurity and ...
SecurityWeek

Fresh SolarWinds Vulnerability Exploited in Attacks

The critical-severity SolarWinds Web Help Desk flaw could lead to unauthenticated remote code execution. Threat actors are exploiting a critical-severity SolarWinds vulnerability that was patched last ...
CSOonline

SolarWinds, again: Critical RCE bugs reopen old wounds for enterprise security teams

Another round of critical Web Help Desk flaws highlights how SolarWinds’ legacy code and past breaches continue to haunt IT and security leaders. SolarWinds is yet again disclosing security ...
TechRepublic

Zapier NPM Hack Unleashes Self-Spreading Worm Attack

Each infected version has the ability to automatically spread itself to thousands of other repositories without any human intervention whatsoever. Threat actors have successfully weaponized Zapier’s ...
The Hacker News

SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny

The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the ...