Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

'Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks': Google says North Korean hackers behind major attack on Axi…

It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...

Supply chain attack hits 100 million-download Axios npm package

�� CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest [email protected] now pulls ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...
SecurityWeek

‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors

The DarkSword iOS exploit chain was used by the Russian APT behind the Coruna exploit in attacks targeting Ukraine.

LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a ...
The Hacker News

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple ...

Is Avi Lewis’s NDP doomed? Don’t write the obituary just yet

More than a few voters could find themselves unsatisfied with the Liberals and open to a hard-left turn in future elections ...

Apple patches DarkSword iOS vulnerabilities used to steal iPhone data

A chain of vulnerabilities is letting attackers steal sensitive info from iPhones.
Dark Reading

Interlock Ransomware Targets Cisco Enterprise Firewalls

The ransomware gang, known for double-extortion attacks, had access to a critical Cisco firewall vulnerability weeks before ...
Computing

Hackers compromise Axios, one of the most widely used software libraries

Axios is published and maintained on npm, the default package registry for JavaScript and Node.js projects. It is used to ...
Infosecurity Magazine

CISA Orders US Government to Patch Maximum Severity Cisco Flaw

The US Cybersecurity and Infrastructure Security Agency (CISA) has told all federal civilian agencies to patch a critical ...