Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...
With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
A newly identified malicious implant named RoadK1ll is enabling threat actors to quietly move from a compromised host to ...
�� CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls ...
Microsoft plans major WSL improvements in Windows 11 2026, with faster file performance, better networking, and easier setup ...
The plugin allows developers to run Codex reviews and delegate tasks directly within Anthropic’s Claude Code environment ...
Axios, a widely used JavaScript HTTP client, was briefly distributed through npm in two malicious versions after a maintainer account was taken over. Security r ...
OpenAI published a Codex plugin on March 30 that installs directly inside Anthropic’s Claude Code, letting developers run code reviews and delegate tasks to Codex without leaving their existing ...
Lymphatic massages are all the rage in wellness communities. But medical experts warn that not everyone should be getting ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results