人気ライブラリの供給網攻撃、スマホ決済を狙うフィッシング、家庭用ルータの脆弱性――先週はソフトウェアから個人利用サービス、ネットワーク機器まで幅広い領域でセキュリティリスクが顕在化した。中でもaxiosを狙った攻撃は開発環境そのものを侵害する可能性が ...

マイクロソフトは4月1日、オープンソースのJavaScript HTTPクライアント「Axios」にマルウェアが組み込まれていた問題について、主な手口と犯行グループに関する情報を公開した。 同社は今回の攻撃について、改変版を作成したアカウントの関連付け情報をもとに、北朝鮮の攻撃グループ「Sapphire Sleet」が関与したと結論づけている。

In-house software built in March with open-source components may include malware placed there by criminals. This isn’t a ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

The most widely used JavaScript HTTP library on the internet — embedded in millions of production applications, relied on by ...

Spread the loveIn a significant security incident that has sent shockwaves through the developer community, a North Korean state-sponsored hacking group has successfully compromised the popular Axios ...

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

It's unclear how widespread the damage is from the recent axios hack involving North Korean malware, Microsoft Teams, Slack, ...

Another supply chain security threat emerged this week with the compromise of Axios. It is a popular JavaScript HTTP library, but for three hours, it ...

LinkedIn runs a hidden JavaScript script called Spectroscopy that silently probes over 6,000 Chrome extensions and collects ...

Javascript is required for you to be able to read premium content. Please enable it in your browser settings.

Evolv Technologies Holdings, Inc. (NASDAQ: EVLV), a leading security technology company pioneering AI-based solutions designed to help create safer experiences, today announced that the Company will ...