North Korean hackers used an updated version of a known backdoor to target a popular npm package.

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

A growing body of academic research warns that AI-assisted “vibe coding,” where language models assemble software from ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Axios is published and maintained on npm, the default package registry for JavaScript and Node.js projects. It is used to ...

Infosecurity outlines key recommendations for CISOs and security teams to implement safeguards for AI-assisted coding ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...

The OWASP Top 10 for LLM Applications is the most widely referenced framework for understanding these risks. First released in 2023, OWASP updated the list in late 2024 to reflect real-world incidents ...