The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...
GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

Atlanta Public Schools, Fulton officials hesitant to extend TADs

Representatives from Fulton County and Atlanta Public Schools are hesitant to set aside revenue for Mayor Andre Dickens' plan ...

Malware on npm: HTTP client axios loads backdoor for Windows, macOS, and Linux

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...

'Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks': Google says North Korean hackers behind major attack on Axi…

It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...
Security Boulevard

Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

That new White House app looks all sorts of problematic under the hood

Last week, the current US administration decided to distract everyone a little bit from the illegal war it’s waging by ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

AI finds critical ImageMagick vulnerabilities in default configurations

An AI pentesting tool has discovered critical vulnerabilities in default ImageMagick configurations. Workarounds offer ...

Hackers compromise popular Axios Javascript library with hidden malware

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...
AARP

Actor Lisa Kudrow, 62, on the Best Part of Getting Older

Kudrow is closing out The Comeback, the HBO series she cocreated, cowrote and starred in across three seasons and lasted more ...