Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...

Venom Stealer is a new malware-as-a-service tool using ClickFix scams to steal credentials, hijack sessions and automate ...

The forgotten endpoint problem isn't a sophisticated supply chain attack or a novel vulnerability. It's basic blocking and ...

I’ve used plenty, but this one rewired my daily workflow.

开发者广泛使用的Axios HTTP客户端库这一Java组件最近遭到黑客攻击，通过被入侵的账户分发恶意软件。

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.

Microsoft plans major WSL improvements in Windows 11 2026, with faster file performance, better networking, and easier setup ...

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain.