Search results for Axios

Axios, Super Popular NPM Package, Was Compromised in Attack on the Module’s Maintainer

StepSecurity: If you have installed axios@1.14.1 or axios@0.30.4, assume your system is compromised. There are zero lines of malicious code inside axios itself, and that’s exa...

The axios breach shows how fragile the npm supply chain remains

A North Korean threat actor has targeted the widely-used JavaScript library axios in a significant supply chain attack, raising concerns for users' security.

Axios npm attack causes JavaScript supply chain chaos

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million weekly downloads. The North Korean state actor Sapphire S...

Critical Axios Vulnerability Enables Remote Code Execution, PoC Released

A critical security vulnerability has been discovered in Axios, one of the most widely used HTTP client libraries, exposing applications to Remote Code Execution (RCE) and full clo...

Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now

How a simple hostname comparison flaw in Axios can let attackers bypass your proxy protection entirely and what to do about it. A Security Alert Landed in MyВ Inbox A G...

Cybersecurity Threat Advisory: Axios NPM compromised by supply chain attack

The widely used HTTP client Axios was compromised recently in an incident that many researchers are attributing to a North Korean–linked cyberattack. Attackers gained access to the...

Axios npm compromise traced to targeted social engineering attack

The recent compromise of the widely used Axios npm package has been confirmed as the result of a targeted social engineering attack. The incident, which briefly exposed developers...

Axios Bets That AI Can Make Local News Pay, One Market at a Time

After hitting its first-half revenue goals early, the publisher is resuming expansion of its local program, with OpenAI helping foot the bill.

ダウンロード数1億超、人気ライブラリ「Axios」を襲ったサプライチェーン攻撃　発端は巧妙なアカウント乗っ取り

オープンソースのJavaScript HTTPクライアント「Axios」に不正なコードを仕込んで流通させるサプライチェーン攻撃が発生した。MicrosoftやGoogleは、北朝鮮の集団が関与する極めて巧妙な攻撃だ...

Axiosマルウェア問題、北朝鮮の攻撃グループが関与か　マイクロソフトが情報公開

マイクロソフトは4月1日、オープンソースのJavaScript HTTPクライアント「Axios」にマルウェアが組み込まれていた問題について、主な手口と犯行グループに関する情報を公開した。

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned ver...

「Axios」にとどまらないオープンソース攻撃　信頼を悪用するだましの手口

オープンソースのJavaScript HTTPクライアント「Axios」に不正なコードが仕込まれたサプライチェーン攻撃。発端となったソーシャルエンジニアリングの手口が明らかになったことで、標的はAxios...

Axios и проблема зависимостей

Как взлом одного npm-аккаунта за 3 часа распространил RAT на 174 000 пакетов и почему стандартные инструменты вроде NPM Audit это не поймали. Разбираем инцидент с Axios: механику а...

OpenAI confirms limited exposure tied to Axios npm breach

OpenAI has detailed its limited exposure to the Axios npm supply chain attack, affirming that user data remains secure amid ongoing investigations.

Как DNS-фильтрация защитила от компрометации axios в реальном кейсе

31 марта 2026 года один из самых популярных npm-пакетов в мире превратился в оружие. Разбираем, как устроена атака на цепочку поставок через axios, почему классические средства защ...

npm, 31 марта: RAT в Axios и полмиллиона строк Claude Code на GitHub

Просыпаюсь утром, открываю ленту - и сразу два инцидента. Оба про npm. Оба серьёзные. И оба произошли в один день.Первый - в Axios (да, тот самый, который стоит вообще везде) три ч...

OpenAI says a GitHub workflow used to sign its macOS apps downloaded a malicious Axios library on March 31, but no user...

Sam Sabin / Axios: OpenAI says a GitHub workflow used to sign its macOS apps downloaded a malicious Axios library on March 31, but no user data or internal system was compromised ...

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We...

US security agency is using Anthropic’s Mythos despite blacklist, Axios reports

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project

The threat actor targeted a highly popular open source project with more than 100 million weekly downloads, creating a large "blast radius."

Axios npm Supply Chain Breach: Microsoft Shares Mitigation Steps

Microsoft has detailed how organizations can detect and mitigate a recent supply chain compromise involving malicious Axios npm releases and infrastructure attributed to the North...

US security agency is using Anthropic's Mythos despite blacklist, Axios reports

Hackers Hijack Axios npm Package to Spread RATs

Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s account, researchers warn

The Dysfunctional Media Nominations: Sexist Rescue Missions, Pets Make You MAGA, and a Virile Trump Photo