A malicious dependency the attackers added to over 140 Mastra packages fetches a payload targeting cryptocurrency extensions. The North Korean state-sponsored threat actor Sapphire Sleet is behind the ...
The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). 1 ...
Just two weeks after a massive supply chain compromise, Axios, a widely used JavaScript library for making web requests, is experiencing another critical threat. It contains a bug that allows ...
The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign. After inviting Saayman to a Slack ...
Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. These 3,000+ packages make it ...
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign linked to North Korean hackers ...
Another supply chain security threat emerged this week with the compromise of Axios. It is a popular JavaScript HTTP library, but for three hours, it served to publish cross-platform Remote Access ...
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors ...
近日,前端与Node.js生态中广泛使用的 axios库遭遇了一次严重的 供应链投毒攻击,波及范围极广。 攻击者并非利用代码漏洞,而是直接入侵了维护者账号,发布了恶意版本。 这次事件对开发者的影响深远,值得所有开发者警惕。 axios作为前端和 Node.js开发中最 ...
On March 31, 2026, two new npm packages for updated versions of Axios, a popular HTTP client for JavaScript that simplifies making HTTP requests to a REST endpoint with over 70 million weekly ...
今日,Axios这个年下载量超36亿、JavaScript 生态最核心的依赖之一,在 npm 仓库遭遇供应链投毒。相关风险已传导至OpenClaw,在北京时间3月31日8:00-12:00期间正常安装使用OpenClaw时,会因上游依赖被污染而被动接触并感染恶意代码。 恶意版本1.14.1与0.30.4会自动下载并 ...
Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked maintainer account is behind the attack. The compromised versions silently ...
一些您可能无法访问的结果已被隐去。
显示无法访问的结果