On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...

Microsoft warns of a malware campaign that delivers malicious software via WhatsApp messages and compromises systems.

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

There’s a new scam to look out for in a place you wouldn’t expect. Security experts at the Identity Theft Resource Center ...

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through ...

Be careful what you click on. Miscreants are abusing WhatsApp messages in a multi-stage attack that delivers malicious ...

Hackers are using WhatsApp messages to deliver malware to Windows PCs, exploiting user trust and attachments to trigger ...