Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

Google Explains Googlebot Byte Limits And Crawling Architecture

Google's Gary Illyes published a blog post explaining how Googlebot works as one client of a centralized crawling platform, ...

'Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks': Google says North Korean hackers behind majo…

It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Security experts discover critical flaw in OpenAI's Codex able to compromise entire organizations

Researchers managed to steal GitHub OAuth tokens by abusing a command injection vulnerability.
SecurityWeek

Axios NPM Package Breached in North Korean Supply Chain Attack

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.
Tech Xplore

North Korea hackers suspected of attack on widely used software tool

Hackers linked to North Korea are suspected of an ambitious attack on an inconspicuous but widely used software package, ...

North Korea hackers suspected of attack on widely used software tool Axios

North Korea-linked hackers have launched a significant cyberattack on Axios, a popular JavaScript library, raising concerns ...
The Manila Times on MSN

North Korean hackers suspected of attack on software tool Axios

SEOUL — Hackers linked to North Korea are suspected of an ambitious attack on an inconspicuous but widely used software package, Google analysts and other cybersecurity experts said on Wednesday. The ...
Security Boulevard

Axios supply chain attack chops away at npm trust

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...
TechAnnouncer

Mastering Your ‘test API online’ Needs with These Top Tools

Trying to test API online can be a bit of a headache, especially with so many tools out there. I’ve found myself lost in the options more than once. Whether you’re just starting out or you’ve been ...

DarkSword leak puts millions of iPhone users at risk

A leaked hacking tool called DarkSword could expose older iPhones and iPads to attacks through malicious links and ...