A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...

Engineers from OLX reported that a single-line modification to dependency requirements allows developers to exclude unnecessary GPU libraries, shrinking contain ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...