Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Tom's Hardware on MSN

One of JavaScript's most popular libraries compromised by hackers

An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...
TidBITS

macOS 26.4’s Script Editor Won’t Open Some Older AppleScripts

After upgrading to macOS 26.4, some users found Script Editor refusing to open certain older AppleScripts—even though most of the scripts still ran fine from apps like BBEdit. Here’s how to fix ...
IEEE

Exploit Linux VIM Configuration Backdoor and Mitigation : Strategies to run scripts via a VIM backdoor and mitigation techniques

Abstract: The Vim text editor, due to its significant scripting capabilities (Vimscript) and legitimate features like modeline and autocmd, presents a unique attack surface often overlooked by ...
Bleeping Computer

Wikipedia hit by self-propagating JavaScript worm that vandalized pages

Update: Added Wikimedia Foundation's statement below and made a correction to denote it was only the Meta-Wiki that was vandalized. The Wikimedia Foundation suffered a security incident today after a ...