The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
Security Boulevard

Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...
GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
腾讯网

谷歌将Axios npm供应链攻击归因于朝鲜APT组织UNC1069

谷歌威胁情报团队将近期Axios npm软件包供应链攻击事件归因于代号UNC1069的朝鲜黑客组织。该攻击以经济利益为目标,通过污染Axios软件包来针对依赖该库的开发者与组织。 谷歌威胁情报分析师John ...

Claude Code 泄露的代码里,处处写着:这家公司人品不行

事情的起点,是 npm 上发布的 Claude Code 2.1.88 安装包。包里混进了一个本不该公开的 map 文件。这类文件原本只是开发阶段的调试工具,用来在代码被压缩、打包之后,依然能把报错信息对应回原始源码中的具体位置。