Developer Tech

Axios npm attack causes JavaScript supply chain chaos

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

Хакеры подсадили троян в одну из самых скачиваемых библиотек JavaScript

Хакерам удалось скомпрометировать аккаунт ведущего разработчика библиотеки Axios в реестре npm и опубликовать две вредоносные ...

Masters Gnomes: What to know about popular merchandise item at Augusta

Before the Masters Tournament action officially got underway, fans were shopping for exclusive event merch, including a Gnome ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
The Hacker News

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Pureinsights Discovery 2.8 Introduces MCP Support for Agentic AI Applications

New enterprise connectors for SharePoint Online, OracleDB, SMB, and LDAP expand out-of-the-box data access for AI ...

'Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks': Google says North Korean hackers behind majo…

Google Threat Intelligence Group warns of active supply chain attack on npm’s Axios library Malicious dependency ...

New Report: Using Attribution as ‘Control Tower’ Helps Companies Prioritize Cash Over Coverage in Uncertain Times

Brinker and Riemersma find top teams use attribution to coordinate revenue action, not assign credit, investing where ...
TechBooky

Leaked & Exploited Claude Code Distributes Infostealer Malware On GitHub

In order to spread Vidar information-stealing malware, threat actors are taking advantage of the recent Claude Code source ...
InfoQ

Anthropic Accidentally Exposes Claude Code Source via npm Source Map File

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...

Claude Code leak used to push infostealer malware on GitHub

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar ...