腾讯网

Claude Code 泄露同一天,Axios 惨遭史上最大投毒,朝鲜出品

朝鲜这个国家,在大多数人的认知里应该是相当封闭落后的。但他们的网络攻击能力,一直被严重低估。从 2014 年的索尼影业攻击,到 2017 年的 WannaCry 勒索病毒,再到这次对 npm 生态的精准打击,朝鲜黑客的技术水平和作战纪律一点也不「落后 ...

OpenClaw又又又危!Axios npm被投毒,植入全平台木马

今日,Axios这个年下载量超36亿、JavaScript 生态最核心的依赖之一,在 npm ...
SecurityWeek

Axios NPM Package Breached in North Korean Supply Chain Attack

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Supply chain attack hits Axios npm releases, users urged to rotate keys

Two malicious Axios npm releases have prompted warnings for developers to rotate credentials and treat affected systems as ...
Cybernews

Critical compromise: Axios NPM library with 100M weekly downloads is delivering malware

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...
Security Boulevard

Axios supply chain attack chops away at npm trust

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...

The Axios Hack: How a single compromised account put millions of developers at risk

What makes this attack so unsettling is that all the hackers had to do was just steal the password of one of the axios maintainers.