GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Reducing energy costs without new capital investment: PG&E’s tool lending library for ...

The Tool Lending Library is a free program that gives PG&E customers access to a wide range of professional‑grade energy and ...
Cybernews

Critical compromise: Axios NPM library with 100M weekly downloads is delivering malware

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...
CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

Popular web-code library poisoned by malicious release

'This is unironically a malware nuclear missile.' ...

'Hundreds of thousands of stolen secrets could potentially be circulating as a result of ...

It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...
Nextgov

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will ...
The Japan Times

North Korea hackers suspected of attack on widely used software tool

Hackers linked to North Korea are suspected of an ambitious attack on an inconspicuous software package, cybersecurity ...
Dark Reading

Axios NPM Package Compromised in Precision Attack

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North ...
InfoWorld

How Apache Kafka flexed to support queues

The latest release of Apache Kafka delivers the queue-like consumption semantics of point-to-point messaging. Here’s the how, ...

How AI has suddenly become much more useful to open-source developers

How AI has suddenly become much more useful to open-source developers ...
Cybernews

North Korean hackers behind axios critical supply chain attack, Google says

According to Google researchers, a North Korean group tracked as UNC1069 has previously targeted cryptocurrency and ...