Supply chain attacks feel like they're becoming more and more common.

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

Free cryptographically verified code quality scoring for software procurement. The best software wins. Not the best ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

JFrog reports Telnyx PyPI package was poisoned with malware by TeamPCP Malicious update delivered hidden .wav payload that ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Stop letting AI pick your passwords. They follow predictable patterns instead of being truly random, making them easy for ...

An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...