继LiteLLM后,周下载量超1亿次的Axios也被“投毒”!

继上周,中几乎所有前端开发者都用过的 HTTP 客户端库 Axios 也“惨遭毒手”: 两个官方版本被植入后门,只要在窗口期执行过 npm install,黑客就能拿到你设备的完整控制权。
XDA Developers on MSN

I automated my entire read-it-later workflow with a local LLM so every article I save gets ...

No more fighting an endless article backlog.
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
InfoWorld

Visual Studio Code previews chat customizations editor

Just-released Version 1.113 of Microsoft’s Visual Studio Code editor emphasizes improvements ranging from chat customizations ...

Axios遭供应链投毒攻击(附排查与紧急补救指南)

事件概述2026 年 3 月 31 日,著名云安全平台 StepSecurity 监测到,在 JavaScript 生态系统中最受欢迎的 HTTP 客户端库 Axios(每周下载量超 3 亿次)遭遇了严重的供应链攻击。攻击者劫持了 Axios ...
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.

Advancing Networking Careers with Cisco Certifications: A Strategic Guide to CCNA and ...

Cisco certifications have long been recognized as a global standard for networking expertise. Over the years, these ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...
InfoWorld

Spring AI tutorial: How to develop AI agents with Spring

Build your first fully functional, Java-based AI agent using familiar Spring conventions and built-in tools from Spring AI.