OpenClaw又又又危!Axios npm被投毒,植入全平台木马

今日,Axios这个年下载量超36亿、JavaScript 生态最核心的依赖之一,在 npm ...
SecurityWeek

Axios NPM Package Breached in North Korean Supply Chain Attack

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

紧急安全预警|axios 供应链投毒事件复盘:影响亿级项目,全网自查 ...

近日,前端与Node.js生态中广泛使用的 axios库遭遇了一次严重的 供应链投毒攻击,波及范围极广。 攻击者并非利用代码漏洞,而是直接入侵了维护者账号,发布了恶意版本。 这次事件对开发者的影响深远,值得所有开发者警惕。 axios作为前端和 Node.js开发中最常用的 HTTP 请求库,其重要性不言而喻。 此次事故并非库本身逻辑缺陷,而是账号权限失守引发的恶意投毒,危害直接且传播极快。 一、 ...
Security Boulevard

Axios supply chain attack chops away at npm trust

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...