A recently discovered Remote Access Trojan in the widely used Axios library puts millions of JavaScript developers at risk.

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Axios output in Q1 was down 22% compared to a year earlier but page views were up 30%. By Charlotte Tobitt Axios head of news Ben Berkowitz and Iran anchor page on Axios website pictured on 1 May 2026 ...

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Axios co-founder Jim VandeHei. Jim VandeHei is taking Axios’ obsession with smart brevity ...

Google's security researchers have submitted a report investigating the Axios JavaScript library's supply chain attack that resulted in the installation of a remote access Trojan. Google has concluded ...

A significant supply chain attack has targeted the widely used Axios JavaScript library. Malicious updates, released after an npm account hijack, introduced a cross-platform remote access Trojan ...

A supply-chain attack on the widely used Axios JavaScript library has raised fresh concern over the fragility of open-source software distribution after attackers slipped malicious code into two ...

State-backed hackers compromised a widely used open-source JavaScript library, turning routine software updates into a delivery mechanism for attacks aimed at US companies and cryptocurrency assets.