A major software supply chain attack has struck the JavaScript ecosystem after threat actors slipped a malicious dependency into the widely used axios NPM package. The poisoned releases, axios 1.14.1 and 0.30.4, pulled in plain-crypto-js and quietly delivered the WAVESHAPER.V2 backdoor to Windows, macOS, and Linux systems during installation. The incident is serious because axios
The post North Korean Hackers Compromise Widely Used Axios Package to Infect Windows, macOS, and Linux Systems appeared first on Cyber Security News. Read More
Posted inNews