Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...

Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...

Anthropic is scrambling to contain the leak, but the AI coding agent is spreading far and wide and being picked apart.

Spotify and major record labels are seeking a $322 million default judgment from Anna’s Archive, which hasn’t responded to ...

Active exploits, nation-state campaigns, fresh arrests, and critical CVEs — this week's cybersecurity recap has it all.