Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...

An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...

Node-forge cryptography library flaw (CVE-2025-12816) allowed bypass of signature and certificate validation CERT-CC warns of risks including authentication bypass and signed data tampering ...

A JavaScript library that scores over two million downloads every week has been injected with malicious code for stealing coins from a cryptocurrency wallet. The affected package is Event-Stream, ...

The React team published a fix on Dec. 3 and advises anyone using the react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack, to upgrade immediately. There has been a recent ...

Despite a big push over the past few years to use encryption to combat security breaches, lack of expertise among developers and overly complex libraries have led to widespread implementation failures ...