Security Boulevard

Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
The Hacker News

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

'Hundreds of thousands of stolen secrets could potentially be circulating as a result of ...

It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...
Cybernews

Venom Stealer touts fully automated malware pipeline for $250 a month, bypasses browser ...

Venom Stealer is a new malware-as-a-service tool using ClickFix scams to steal credentials, hijack sessions and automate ...
Dark Reading

The Forgotten Endpoint: Security Risks of Dormant Devices

The forgotten endpoint problem isn't a sophisticated supply chain attack or a novel vulnerability. It's basic blocking and ...
Windows Latest

Microsoft to upgrade Windows Subsystem for Linux (WSL) with faster file access, better ...

Microsoft plans major WSL improvements in Windows 11 2026, with faster file performance, better networking, and easier setup ...

Hackers compromise popular Axios Javascript library with hidden malware

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...
MUO on MSN

I've tried every Windows launcher — and this is the first one that actually changed how I ...

I’ve used plenty, but this one rewired my daily workflow.

Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...
Techzine Europe

Axios npm package compromised, posing a new supply chain threat

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...