Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.
A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...
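Security News Alert: Multiple serious vulnerabilities in Jenkins. What interim measures are there when updating is difficult? Jenkins CI has disclosed vulnerabilities in its core and plugins. They include arbitrary file write during archive extraction, insufficient validation in the CLI, and plaintext storage of API keys. There is also a risk of RCE, so prompt updating to the latest version and rechecking of authentication settings are called for. (2026/3/24) ...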
With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
The malicious releases were available for about three hours before they were removed, but the brevity of the window has done little to calm alarm because Axios is one of the most heavily used HTTP ...
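Delivering high-quality expert interviews at scale: accessible through MCP and able to be built into clients' workflows. New York, March 28, 2026 /PRNewswire/ -- Guidepoint today announced that the number of expert interviews in its transcript library has surpassed 100,000, further expanding the depth and breadth of its proprietary insights. This dataset, Guidepoint ...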
Security firm Socket advised developers to check dependencies for affected Axios versions and remove or roll back compromised ...
Developers using the axios package from npm may have downloaded a malicious version that drops a Remote Access Trojan ...
A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...
The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...