Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...
North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.
Mercor says it has been impacted by the LiteLLM supply chain attack as Lapsus$ has auctioned 4TB of data allegedly stolen ...
Suspected North Korean hackers are believed to be behind an ongoing compromise of the widely used open-source package Axios, ...
ShinyHunters breached Anodot, stealing Snowflake tokens. Attack hit more than a dozen Snowflake customers. Group claims data ...
Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...
Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...
Hackers breach Checkmarx developer tools to steal sensitive data, exposing risks in widely used software systems.
The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions ...
Kaspersky's recent study on supply chain and trusted relationship risks showed that supply chain attacks have emerged as a ...
Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...