Supply Chain Attack on Axios Pulls Malicious Dependency from...

Simon Willison’s Weblog Simon Willison Apr 3, 2026

755 posts tagged ‘javascript’.

0 inbound links website en jquery 101nodejs 68quora 1005security 604ajax 61css 236ai 2026llms 1759dojo 40recovered 213

Supply chain attacks in the AI era: the state of open source in 2026

XergioAleX - CTO & Co-founder at DailyBot (YC S21) Sergio Alexander Florez Galeano May 19, 2026

In 18 months, npm, PyPI, RubyGems, Maven and Crates have all shipped malware. AI is accelerating both sides of the playbook. A tour of what's happening, with the defensive baseline at the end.

0 inbound links article en Tech supply chain attack 2026npm pnpm minimumReleaseAgeShai-Hulud wormtj-actions changed-files CVE-2025-30066slopsquattingaxios npm compromise 2026Bitwarden CLI malicious 2026.4.0TanStack npm postmortemPyPI Trusted Publishingopen source security 2026

Post Mortem: axios npm supply chain compromise · Issue #10636 · axios/axios

GitHub Axios Apr 2, 2026

Post Mortem: axios npm supply chain compromise Date: March 31, 2026 Author: Jason Saayman Status: Remediation in progress On March 31, 2026, two malicious versions of axios (1.14.1 and 0.30.4) were...

14 inbound links object en issue:4195231282

Google links axios supply chain attack to North Korean group

The Record Jonathan Greig Mar 31, 2026

Google Threat Intelligence Group (GTIG) joined several other researchers in attributing the attack to a North Korean threat actor they call UNC1069. SentinelOne found the same group using macOS-based malware in attacks dating back to 2023.

2 inbound links website en

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

The Hacker News The Hacker News Mar 31, 2026

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying cross-platform RAT malware.

5 inbound links article en Article

Cooldown periods for package updates

Marek Šuppa Marek Šuppa Mar 31, 2026

Personal site of Marek Šuppa — writing, teaching, and learning.

0 inbound links article en securitysupply-chainnpmpythonuvpnpmbun

» north korean hacker group UNC1069 using social engineering to get access: axios npm for nodejs: software minimalism please and another javascript security problem (this time social engineered supply chain attack)

dwaves.de Admin Apr 4, 2026

Why keep all your results to yourself? - Blog with howtos and public free software and hardware OpenSource searchable knowledgebase about Linux and OpenSource - with a touch security, politics and philosophy.

0 inbound links en OpenSourceOpenSourceLinuxalternativasAndroidPHPTerminalBashScriptsGNUMySQLLinux-GNUDebianhackingHardwareinternetApplePolitikpoliticsSicherheitsecuritycybersecuritycyberencryptionhacktivismSPAMmailserverdatabasecybercrimefailfsfgnometechnologymailserverSoftwarestartupsstoragefilesystemsvirtualboxvirtualizationWebDevHTMLWebDevelopmentwordpressphilosophyunix CC BY-ND 3.0

Why “Trusted Publishing” Can’t Save Us from Social Engineering

Adventures in Nodeland Matteo Collina May 2, 2026

Unmasking the risky illusion of npm's "trusted publishing" amidst recent cyber attacks.

0 inbound links website en

Simon Willison on security

Simon Willison’s Weblog Simon Willison May 4, 2026

602 posts tagged ‘security’.

0 inbound links website en ai 2016llms 1751generative-ai 1785prompt-injection 147xss 60exfiltration-attacks 43javascript 755csrf 54phishing 54python 1250

[tl;dr sec] #322 - GitHub's Supply Chain Roadmap, Scaling Vulnerability Management with AI, Finding Vulnerabilities Across Repos

Tl;Dr Sec Clint Gibler Apr 2, 2026

GitHub's plan to harden GitHub Actions and supply chain security, automating and scaling SAST and SCA vuln management, OSS tool that uses AI agents to reason about vulns across repos

0 inbound links article en software engineeringartificial intelligencecybersecurity