Fireship on MSN
The silent threat: Axios library exposes developers
A recently discovered Remote Access Trojan in the widely used Axios library puts millions of JavaScript developers at risk.
Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...
Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised. On ...
The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute malware via a compromised account. Attackers exploited a hijacked account on npm ...
On March 30-31, 2026, threat actors published two malicious versions of the popular HTTP library axios (versions 1.14.1 and 0.30.4) to the npm registry. Both versions included a new dependency named ...
The naming and timing of this package suggest it was intentionally published to resemble a legitimate cryptography library, likely to confuse or deter researchers during our initial analysis. Sonatype ...