Supply chain attack hits 300 million-download Axios npm package

A widely used JavaScript package used with hundreds of millions of downloads has been compromised in a new supply chain ...
Nextgov

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will ...
Decrypt

Anthropic Accidentally Leaked Claude Code's Source—The Internet Is Keeping It Forever

Anthropic is scrambling to contain the leak, but the AI coding agent is spreading far and wide and being picked apart.

Claude Code's source code appears to have leaked: here's what we know

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...

H33 Launches HICS for Free: The First Trust-less Software Scoring Tool with Post Quantum Cryptographic Proof

Free cryptographically verified code quality scoring for software procurement. The best software wins. Not the best ...
winbuzzer.com

Anthropic Leaks Claude Code Source via Npm Source Map

A packaging error revealed Anthropic’s entire Claude Code codebase, spanning nearly 1,900 TypeScript files and over 512,000 ...
Cybernews

Critical compromise: Axios NPM library with 100M weekly downloads is delivering malware

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

This App Makes Even the Sketchiest PDF or Word Doc Safe to Open

When somebody sends you a document as an attachment, don't just open it. Use the free tool Dangerzone to scrub it clean of ...
The Register-Herald

Open house: Cleveland's downtown arena part of unique listing on Redfin

The home of the Cleveland Cavaliers is part of what could be the largest-ever listing on a real estate site. Rocket Arena was ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
Windows Report

Axios Hack Bypasses GitHub Protections and Installs Hidden Malware on Systems

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...