A recently discovered Remote Access Trojan in the widely used Axios library puts millions of JavaScript developers at risk.

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Israel says its military will keep striking Hezbollah targets in southern Lebanon, with Iran warning of a "severe" response ...

The requested changes are related to the Strait of Hormuz and the removal of highly enriched uranium, according to US media.

A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised. On ...

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute malware via a compromised account. Attackers exploited a hijacked account on npm ...

On March 30-31, 2026, threat actors published two malicious versions of the popular HTTP library axios (versions 1.14.1 and 0.30.4) to the npm registry. Both versions included a new dependency named ...

The naming and timing of this package suggest it was intentionally published to resemble a legitimate cryptography library, likely to confuse or deter researchers during our initial analysis. Sonatype ...