攻撃の手口は?axios改ざんとマルウェアの仕組み

標的プラットフォームはWindows、macOS、Linuxとされ、主要なプラットフォームをすべて侵害可能とされる。そのため、当該バージョンのaxiosを直接インストールした場合や、axiosを利用しているパッケージや製品をインストールした場合は侵害 ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

不可視文字でマルウエア混入 GitHubなどで汚染拡大、開発基盤の信頼 ...

不可視の属性を持つUnicode(ユニコード)文字をコードに埋め込んで、悪意あるプログラムを実行させる新手の攻撃手法「GlassWorm(グラスワーム)」が急拡大している。攻撃者は、GitHubで多数の開発者が参画する開発プロジェクトなどで善意を装い ...
Startup Fortune

North Korean Hackers Weaponize Axios Software to Target US Crypto Firms

North Korean hackers compromised the widely used Axios JavaScript library to infiltrate US companies and steal cryptocurrency ...

Claude Code unintentionally open source: Source map reveals all

The source code of Anthropic's CLI tool Claude Code was accidentally made publicly accessible via a source map in the npm ...

Video: Imagining of the upcoming Trump library shows off the sheer grand scale of the thing

Video: Imagining of the upcoming Trump library shows off the sheer grand scale of the thing. The colossal build will stand ...

Trump interested in calling on Arab states to help pay for Iran war, White House says

White House Press Secretary Karoline Leavitt said US President Donald Trump would be interested in calling on Arab countries ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
Security Boulevard

Axios supply chain attack chops away at npm trust

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...