Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Bleeping Computer

New 'Zombie ZIP' technique lets malware slip past security tools

Update: Article updated with comments from security researchers who believe this should not be considered a vulnerability. Update 2: CERT has retracted its bulletin and MITRE has rejected the CVE on ...
The Hacker News

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...