An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game ...

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar ...

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Valentić told The Hacker News that the use of fake progress indicators mimicking legitimate installation progress and the ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...

Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s ...

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

Claude Code leak is now used to spread malware via fake GitHub repos, delivering infostealers and backdoor tools.