Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Popular web-code library poisoned by malicious release

'This is unironically a malware nuclear missile.' ...
Infosecurity Magazine

Hackers Hijack Axios npm Package to Spread RATs

Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s ...

Malware on npm: HTTP client axios loads backdoor for Windows, macOS, and Linux

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...
Computing

Hackers compromise Axios, one of the most widely used software libraries

Axios is published and maintained on npm, the default package registry for JavaScript and Node.js projects. It is used to ...
Foreign Affairs

A War’s Unintended Consequences—for Iran, the Middle East, and the Global Order

At a February 2026 gathering to commemorate the revolution that ushered in Iran’s Islamic Republic, the country’s supreme leader, Ayatollah Ali Khamenei, struck a reflective note. He remarked that it ...
Microsoft

WhatsApp malware campaign delivers VBScript and MSI backdoors

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...