On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Windows has always been a bit of a "take it or leave it" experience, but lately, it feels like we are taking a lot more than we asked for. When you finish a fresh install, you're greeted with a ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

Claude Code可以说是编程人必备的了，没用过的都不好意思说自己是程序员Claude Code很多人用了很久都没发挥它的真正实力 ——不会配置 = 浪费 90% 能力：MCP ...

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...

整理 | 郑丽媛出品 | CSDN（ID：CSDNnews）继上周，每月下载量高达 9700 万的 Python 库 LiteLLM 被投毒后，本周 JavaScript 生态中几乎所有前端开发者都用过的 HTTP 客户端库 Axios 也“惨遭毒手 ...

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain. The attack typically begins when a victim downloads a business-themed ZIP ...

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...