Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...
The campaign is stealing credentials from unpatched servers at scale, due to “neglect and efficiency,” says analyst, and the ...
Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...
Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...
An AI agent just autonomously exploited a FreeBSD kernel vulnerability in four hours, signaling a fundamental shift in the ...
The Information Security Forum (ISF) is an independent, not-for-profit association of leading global organisations who recognise the importance of protecting their business information. We provide ...
A separate mitigation is to enable Error Correcting Codes (ECC) on the GPU, something Nvidia allows to be done using a ...
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results