Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

继上周，中几乎所有前端开发者都用过的 HTTP 客户端库 Axios 也“惨遭毒手”： 两个官方版本被植入后门，只要在窗口期执行过 npm install，黑客就能拿到你设备的完整控制权。

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

Microsoft plans major WSL improvements in Windows 11 2026, with faster file performance, better networking, and easier setup ...

The forgotten endpoint problem isn't a sophisticated supply chain attack or a novel vulnerability. It's basic blocking and ...

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

I’ve used plenty, but this one rewired my daily workflow.

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...