Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...
CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...
Dark Reading

Axios NPM Package Compromised in Precision Attack

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors.
MIT Technology Review

Nurturing agentic AI beyond the toddler stage

The promise of autonomous agentic AI requires significant changes in the governance landscape. Provided byIntel Parents of young children face a lot of fears about developmental milestones, from ...
Bleeping Computer

AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency wallet addresses entered on ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
Hosted on MSN

Burger chain apologizes for massive anniversary flop, promises redo

From news to politics, travel to sport, culture to climate – The Independent has a host of free newsletters to suit your interests. To find the stories you want to read, and more, in your inbox, click ...
NBC News

Anthropic sues Trump administration in AI dispute with Pentagon

Anthropic sued the Defense Department and other federal agencies Monday after the Pentagon labeled it a threat to national security and President Donald Trump moved to sever the government's ties with ...
TechCrunch

Anthropic to challenge DOD’s supply chain label in court

Dario Amodei said Thursday that Anthropic plans to challenge the Department of Defense’s decision to label the AI firm a supply chain risk in court, a designation he has called “legally unsound.” The ...
Bloomberg L.P.

Crypto’s 24-Hour Promise Gets a Geopolitical Reality Check

Bitcoin has long been promoted as offering something other markets cannot: a 24-hour, real-time read on global risk. Instead, it made a round trip. The token fell when news of US strikes on Iran broke ...