The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

JavaScript runtime developed with AI: Edge.js for secure Node.js applications

Securely execute Node.js workloads in WebAssembly sandboxes – that is the goal of the new JavaScript runtime Edge.js.

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Node.js updates made easy: OpenJS offers support for companies

The OpenJS Foundation has launched a new program to support companies in switching to current Node.js versions.

New RoadK1ll WebSocket implant used to pivot on breached networks

A newly identified malicious implant named RoadK1ll is enabling threat actors to quietly move from a compromised host to ...
The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Valentić told The Hacker News that the use of fake progress indicators mimicking legitimate installation progress and the ...
Unite.AI

OpenAI Releases Codex Plugin That Runs Inside Anthropic’s Claude Code

OpenAI published a Codex plugin on March 30 that installs directly inside Anthropic’s Claude Code, letting developers run code reviews and delegate tasks to Codex without leaving their existing ...
CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
InfoWorld

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...
Analytics Insight

Axios Supply Chain Attack Exposes Crypto Wallets to Hidden Malware Risk

Axios, a widely used JavaScript HTTP client, was briefly distributed through npm in two malicious versions after a maintainer account was taken over. Security r ...