なぜ「axios」は侵害されたのか?

人気のJavaScriptライブラリ「axios」が侵害された。北朝鮮に関係するとみられる脅威グループ「UNC1069」は、SlackやMicrosoft ...

攻撃の手口は?axios改ざんとマルウェアの仕組み

標的プラットフォームはWindows、macOS、Linuxとされ、主要なプラットフォームをすべて侵害可能とされる。そのため、当該バージョンのaxiosを直接インストールした場合や、axiosを利用しているパッケージや製品をインストールした場合は侵害 ...
Developer Tech

Axios npm attack causes JavaScript supply chain chaos

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...
CoinTelegraph

Crypto users urged to take extreme care as NPM attack hits core JavaScript libraries

The breach hit core JavaScript libraries such as chalk and strip-ansi, downloaded billions of times each week, raising alarms over the security of open-source software. Hackers have compromised widely ...
Computing

JavaScript NPM library with 3 million weekly downloads exposed apps to hijacking

Pac-Resolver, a widely used NPM library, has received a patch to address a high-severity remote code execution (RCE) bug that could allow malicious actors to hijack a Node.js process via a corrupted ...
Bleeping Computer

NPM supply-chain attack impacts hundreds of websites and apps

An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As ...
Bitcoin Magazine

NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by bitcoin wallets. A major NPM developer, qix, has had their account compromised.
Degital PR Platform

GitHub、Node.jsのパッケージ管理とJavaScriptの開発エコシステムを提供 ...

オープンソースプロジェクトおよびビジネスユースを含む、ソフトウェアの開発プラットフォームを提供するGitHub, Inc ...