CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Tom's Hardware on MSN

One of JavaScript's most popular libraries compromised by hackers

An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...
Cybernews

Venom Stealer touts fully automated malware pipeline for $250 a month, bypasses browser encryption

Venom Stealer is a new malware-as-a-service tool using ClickFix scams to steal credentials, hijack sessions and automate ...
Cybernews

Everest increases pressure on Nissan, but desperation creeps in

In an extremely detailed post on its dark web site, Everest claims that it’s not releasing Nissan’s customer personal data just yet. However, it’s threatening to do so if the company doesn’t give in t ...
NetEye Blog

Abusing trust boundaries between TLS and HTTP

When the access control decision is made at the TLS layer but the routing decision is made at the HTTP layer, you’re ...