SecurityWeek

North Korean Hackers Target High-Profile Node.js Maintainers

The North Korean threat actor behind the Axios supply chain attack has been targeting high-profile Node.js maintainers.
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
TheServerSide

How to install Visual Studio Code for Java

The Java ecosystem has historically been blessed with great IDEs to work with, including NetBeans, Eclipse and IntelliJ from JetBrains. However, in recent years Microsoft's Visual Studio Code editor ...
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

Microsoft Defender Experts has observed the Contagious Interview campaign, a sophisticated social engineering operation active since at least December 2022. Microsoft continues to detect activity ...
TechRepublic

Fake Claude Code Spreads Malware to Windows, macOS Users

Threat actors are exploiting a common developer habit — copying installation commands directly from websites — to distribute malware through fake software installation pages. Security researchers at ...
Dark Reading

'InstallFix' Attacks Spread Fake Claude Code Sites

A new variation of the ClickFix technique is capitalizing on the popularity of Anthropic's Claude Code and other AI coding tools. Researchers at Push Security discovered the threat campaign, which ...