Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
eWeek

Google Adds One-Click Chatbot Migration

Uploads bring prompts and responses, but not project files, attachments, or AI-generated images. The rollout skips the UK, ...

CNCF's Dapr Agents Tackles The Problem Most AI Frameworks Ignore

CNCF launches Dapr Agents v1.0 at KubeCon EU, prioritizing crash recovery and durability over intelligence. Zeiss validates ...
The Hacker News

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...