In-house software built in March with open-source components may include malware placed there by criminals. This isn’t a ...

It's unclear how widespread the damage is from the recent axios hack involving North Korean malware, Microsoft Teams, Slack, ...

Spread the loveIn a significant security incident that has sent shockwaves through the developer community, a North Korean state-sponsored hacking group has successfully compromised the popular Axios ...

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Another supply chain security threat emerged this week with the compromise of Axios. It is a popular JavaScript HTTP library, but for three hours, it ...

マイクロソフトは4月1日、オープンソースのJavaScript HTTPクライアント「Axios」にマルウェアが組み込まれていた問題について、主な手口と犯行グループに関する情報を公開した。 同社は今回の攻撃について、改変版を作成したアカウントの関連付け情報をもとに、北朝鮮の攻撃グループ「Sapphire Sleet」が関与したと結論づけている。

Research shows AI agents are 20–40% less likely to select products when key information is missing – making accessible, ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...