The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Suspected North Korean hackers have compromised Axios, one of the most widely used JavaScript libraries in American software development, by hijacking a maintainer’s npm account and publishing tainted ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

A stone-and-brick reservoir, believed to be over 1500 years old, has been unearthed on Elephanta Island, showing how ancient ...

近日，一份致 Node.js 技术委员会（TSC）的请愿书引起了广泛关注。短短几天，已有超过百名开源开发者、前端工程师和程序员签署，他们呼吁“ Node.js 社区应禁止 AI 生成的代码进入核心仓库 ”，将社区内部的分歧彻底摆上台面。

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

North Korean hackers compromised the widely used Axios JavaScript library to infiltrate US companies and steal cryptocurrency ...

What makes this attack so unsettling is that all the hackers had to do was just steal the password of one of the axios maintainers.

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...