UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...
A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
Wasm, PGlite, OPFS, and other new tech bring robust data storage to the browser, Electrobun brings Bun to desktop apps, ...
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Researchers who identify and report bugs in open-source software will no longer be rewarded by the Internet Bug Bounty team.
North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.
The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...
The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...
Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...
A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results