Dark Reading

Axios NPM Package Compromised in Precision Attack

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
SecurityWeek

Axios NPM Package Breached in North Korean Supply Chain Attack

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Why the axios supply chain attack should have Apple worried

Critical digital infrastructure is increasingly maintained by under‑resourced individuals, yet exploits have economic and ...

Popular web-code library poisoned by malicious release

'This is unironically a malware nuclear missile.' ...
The Hacker News

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

ThreatDown Uncovers First Cyber Attack Abusing Deno JavaScript Runtime for Fileless Malware Delivery

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...
Analytics Insight

Axios Supply Chain Attack Exposes Crypto Wallets to Hidden Malware Risk

Axios, a widely used JavaScript HTTP client, was briefly distributed through npm in two malicious versions after a maintainer account was taken over. Security r ...

'Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks': Google says North Korean hackers behind major attack on Axi…

It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...