Fireship on MSN
The silent threat: Axios library exposes developers
A recently discovered Remote Access Trojan in the widely used Axios library puts millions of JavaScript developers at risk.
Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised. On ...
The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute malware via a compromised account. Attackers exploited a hijacked account on npm ...
If you are a JavaScript developer, you’re likely familiar with Axios, the popular library with over 80 million weekly downloads. Developers use Axios to make network requests, handle form submissions, ...
On March 30-31, 2026, threat actors published two malicious versions of the popular HTTP library axios (versions 1.14.1 and 0.30.4) to the npm registry. Both versions included a new dependency named ...
The naming and timing of this package suggest it was intentionally published to resemble a legitimate cryptography library, likely to confuse or deter researchers during our initial analysis. Sonatype ...
To continue reading this content, please enable JavaScript in your browser settings and refresh this page. Preview this article 1 min The move, part of a partnership ...
To continue reading this content, please enable JavaScript in your browser settings and refresh this page. Preview this article 1 min The del is the first for the ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results