The Hacker News

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...
IndianWeb2

Cloudflare Launches EmDash as WordPress Alternative with Built‑In Security and Payments

EmDash, the secure serverless CMS successor to WordPress, fixes plugin risks and empowers global publishing in the AI era.

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
Slate

What Could Go Wrong?

This essay is adapted from Monsters: The Hindenburg Disaster and the Birth of Pathological Technology, by Ed Regis, published by Basic Books. A pathological technology is a triumph of emotional ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
ProPublica

ProPublica — Investigative Journalism and News in the Public Interest

Support journalism that speaks truth to power.