Hacker hijacks Axios open-source project, used by millions, to push malware

A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack ...

Claude Code's source code appears to have leaked: here's what we know

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...

Why the axios supply chain attack should have Apple worried

Critical digital infrastructure is increasingly maintained by under‑resourced individuals, yet exploits have economic and ...

Oracle unveils Project Detroit for faster Java interop with JavaScript and Python

JavaOne Oracle has shipped Java 26, a short-term release, and introduced Project Detroit, which promises faster interop ...

Vite team boasts 10-30x faster builds with Rust-powered Rolldown

Native code build tools now dominate for TypeScript or JavaScript projects Vite 8.0 has been released, and it uses Rust-built ...

Supply chain attack hits 300 million-download Axios npm package

A widely used JavaScript package used with hundreds of millions of downloads has been compromised in a new supply chain ...

Anthropic just shipped an OpenClaw killer called Claude Code Channels, letting you message it over Telegram and Discord

The consensus among early adopters is that Anthropic has successfully internalized the most desirable features of the ...

OpenAI acquires open-source Python tooling startup Astral

OpenAI Group PBC today announced plans to acquire Astral Software Inc., a startup with a set of widely used Python ...

Supply chain attack hits Axios npm releases, users urged to rotate keys

Two malicious Axios npm releases have prompted warnings for developers to rotate credentials and treat affected systems as ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...