Supply chain attack hits 300 million-download Axios npm package

A widely used JavaScript package used with hundreds of millions of downloads has been compromised in a new supply chain ...
Windows Report

Axios Hack Bypasses GitHub Protections and Installs Hidden Malware on Systems

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

ThreatDown Uncovers First Cyber Attack Abusing Deno JavaScript Runtime for Fileless Malware Delivery

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be ...
The Hacker News

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

DarkSword iOS exploit chain adopted by multiple threat actors: Report

Google Threat Intelligence Group (GTIG), Lookout Threat Labs, and iVerify published coordinated research in March 2026 on ...
Cryptopolitan on MSN

GhostClaw targets developers to extract crypto wallet access

A new malware dubbed GhostClaw is targeting crypto wallets on macOS machines. The fake OpenClaw installer captures private ...

Hackers exploit OpenClaw hype on GitHub to steal crypto funds

Crypto scammers are exploiting the rising visibility of OpenClaw to target developers through a coordinated phishing campaign ...
Cybernews

AI developers lured by fake crypto prize as phishers weaponize GitHub

While the creator of the AI agent platform OpenClaw banned the mention of bitcoin (BTC) and other crypto assets on its Discord channel, crypto scammers are now targeting developers on GitHub, aiming ...

JavaScript devs beware: this popular NPM package has been compromised by attackers

An extremely popular NPM package used in many JavaScript projects has been compromised and can wreak havoc on your machine if ...