Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

Alleged North Korean Hack Of US Companies Could Take 'Months' To Recover From

Discover the details of the North Korean hack on Axios software. We explain how the UNC1069 group is stealing US ...
Bleeping Computer

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. One malicious ...
The Hacker News

⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

Phishing surge, LinkedIn tracking claims, spyware use, and rising stealers expose growing abuse of trusted systems.
Dark Reading

Automated Credential Harvesting Campaign Exploits React2Shell Flaw

An emerging threat cluster is exploiting vulnerable Web-exposed Next.js apps and using an automated tool to steal credentials ...

North Korea’s hijack of one of the web’s most used open source projects was likely weeks in the making

North Korean hackers pushed out malicious updates to a popular open source project by hacking a top developer's computer in a ...
MIT Technology Review

The one piece of data that could actually shed light on your job and AI

“We need a Manhattan Project for this,” one economist says. This story originally appeared in The Algorithm, our weekly ...
The Guardian

Why is the FBI buying people’s location data and how is it using the information?

FBI director revealed agency had resumed buying private information en masse in possible constitutional violation Kash Patel’s disclosure on Wednesday that the FBI has resumed buying location data on ...
CNN

North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt

Suspected North Korean hackers have bugged a software package that has been used by thousands of US companies in a major supply-chain attack that could take months to recover from, security experts ...