A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

The launch of Moltbook, a social network for AI agents, will go down as the most intriguing mass agentic AI experiment we’ve ...

Clinical trial data reviewed by NICE shows that semaglutide reduced the risk of serious cardiovascular events, including ...

Anthropic's Claude Code source has leaked via a packaging error, exposing anti-distillation traps, an undercover mode, and scaffolding for an unreleased agent.

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...