The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

What makes this attack so unsettling is that all the hackers had to do was just steal the password of one of the axios maintainers.

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the ...

AI-driven development accelerated credential sprawl in 2025, with 28.65M secrets detected, expanding attack surface and remediation strain.

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...

A new report from StepSecurity has uncovered a serious supply chain attack involving Axios, one of the most widely used HTTP ...

A pair of new Windows 11 Canary builds is now available for testing, and one of them brings tons of Command Line improvements ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

Attackers exploit OpenClaw hype with fake “CLAW” airdrops, luring developers from GitHub into wallet-draining phishing sites.