On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Google Chrome and other Chromium-based browsers, including Edge and Vivaldi, could soon get native support for video and ...

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through ...

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

�� CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest [email protected] now pulls ...

In 2025, Google fixed a total of eight zero-days exploited in the wild, many of which were discovered and reported by ...

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North ...

Fake CAPTCHA pages can install the StealC infostealer. Don't paste or run commands; disconnect and change passwords.

What makes this attack so unsettling is that all the hackers had to do was just steal the password of one of the axios maintainers.