North Korean hackers blamed for hijacking popular Axios open source project to spread malware

A hacker inserted malware in Axios, an open source web tool downloaded tens of millions of times weekly, in a widespread hack ...

Supply chain attack hits Axios npm releases, users urged to rotate keys

Security firm Socket advised developers to check dependencies for affected Axios versions and remove or roll back compromised ...
PCMag

Hacker Tries to Spread Malware to Millions by Hitting 'Axios NPM' Software

Axios functions as pre-built software that a developer can easily incorporate into a JavaScript project. However, a hacker ...

Claude Code's source code appears to have leaked: here's what we know

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...

Entire Claude Code CLI source code leaks thanks to exposed map file

The entire source code for Anthropic’s Claude Code command line interface application (not the models themselves) has been ...
The Tech Edvocate

Axios Supply Chain Attack Unveils Risks of Malicious Dependencies in Open Source Software

Spread the loveIn a significant cybersecurity incident, the popular HTTP client Axios became the target of a supply chain attack on March 31, 2026. This attack involved the compromise of an npm ...
SecurityWeek

Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise

When researchers found an obfuscated token while examining the relationship between OpenAI Codex and GitHub, they took notice ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...
WinBuzzer

Trivy Breached Twice in a Month via GitHub Actions

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that evade standard code review.
The New York Times

To Address Farm Labor Shortage, Trump Administration Turns to Migrant Workers

As the president’s immigration policies squeeze an already tight supply of farm labor, the Trump administration is making it cheaper to hire foreign farmworkers. The Trump administration has changed ...