The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors.

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Critical digital infrastructure is increasingly maintained by under‑resourced individuals, yet exploits have economic and ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

'This is unironically a malware nuclear missile.' ...

It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...

Axios, a widely used JavaScript HTTP client, was briefly distributed through npm in two malicious versions after a maintainer account was taken over. Security r ...

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...