On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...

事件概述2026 年 3 月 31 日，著名云安全平台 StepSecurity 监测到，在 JavaScript 生态系统中最受欢迎的 HTTP 客户端库 Axios（每周下载量超 3 亿次）遭遇了严重的供应链攻击。攻击者劫持了 Axios ...

Axios functions as pre-built software that a developer can easily incorporate into a JavaScript project. However, a hacker ...

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

今日，Axios这个年下载量超36亿、JavaScript 生态最核心的依赖之一，在 npm ...

A leaked hacking tool called DarkSword could expose older iPhones and iPads to attacks through malicious links and ...

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

Apple says its Lockdown Mode is designed to protect high-risk iPhone users from sophisticated surveillance tools, and ...