Hacker hijacks Axios open-source project, used by millions, to push malware

A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack ...

Why the axios supply chain attack should have Apple worried

Critical digital infrastructure is increasingly maintained by under‑resourced individuals, yet exploits have economic and ...
Windows Report

Axios Hack Bypasses GitHub Protections and Installs Hidden Malware on Systems

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...
Nextgov

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will ...

Someone has publicly leaked an exploit kit that can hack millions of iPhones

Leaked "DarkSword" exploits published to GitHub allow hackers and cybercriminals to target iPhone users running old versions ...
The Financial Express

Somebody publicly posted an iPhone hack kit that puts millions of you at risk

Once a victim is exposed to a malicious link, the exploit gains filesystem access and exfiltrates data to an ...
PCMag on MSN

Update your iPhone now: New 'DarkSword' hack targets older iOS 18 versions

Beware! Shadowy attackers have been using an iOS exploit to hack vulnerable devices.

'I was naive,' says minister who quit over Labour Together claims

Josh Simons resigned after facing claims a think tank he used to run commissioned a report into journalists' backgrounds.
GovInfoSecurity

Cryptohack Roundup: AppsFlyer SDK Breach Enabled Theft

This week, the AppsFlyer SDK breach, JPMorgan sued over ties to a Ponzi scheme, the OFAC sanctioned a network tied to North ...

iPhone exploit DarkSword has been released in the wild: How to protect yourself

Uh-oh. Now anyone can easily use it.

"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...