Malwarebytes recently uncovered a new malicious campaign targeting the Windows Update service. Focused on French-speaking users, the campaign uses layered obfuscation techniques to deliver multiple ...

This week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda ...

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...

Security researchers at Malwarebytes have uncovered a new malware campaign targeting Windows users with a fraudulent clone of Microsoft's site.

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access trojan to potentially millions of developer environments during a three-hour ...

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and Linux.

In early April 2025, security researchers confirmed that North Korean state-sponsored hackers had successfully compromised the Axios HTTP library. It is one ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software packages, to distribute a cross-platform, ...