Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
Morning Overview on MSN
Malicious open-source packages have surged 73% in 2026 as attackers poison the software supply chain
In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...
Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute malware via a compromised account. Attackers exploited a hijacked account on npm ...
The tactical sequence here is worth breaking down because it reveals a deliberate two-stage approach. First, the attackers did not try to brute-force their way into npm infrastruc ...
Google's security researchers have submitted a report investigating the Axios JavaScript library's supply chain attack that resulted in the installation of a remote access Trojan. Google has concluded ...
SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
What we know so far: Anthropic is facing renewed scrutiny from the AI and security communities after internal source code for Claude Code – its fast-growing agentic development environment – was ...