A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

IntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package ...

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...

AI recruiting startup Mercor confirms supply chain attack via LiteLLM library compromise. Hackers claim 4TB of data including ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

TeamPCP strikes again, with almost identical code to LiteLLM.

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Engineers from OLX reported that a single-line modification to dependency requirements allows developers to exclude unnecessary GPU libraries, shrinking contain ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...