txtfeed
VentureBeat1 min read

Hackers slipped a trojan into the code library...

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a cross-platform remote access trojan. The malicious releases target macOS, Windows, and Linux. They were live on the npm registry for roughly three hours before removal.Axios gets more than 100 million downloads per week. Wiz reports it sits in approximately 80% of cloud and code environments, touch
Read original on venturebeat.com
0
0

Comment

Sign in to join the discussion.

Loading comments…

Related

r/startups1 min

Linear just announced "Issue Tracking is...

So we've been obsessing over "the moat" at my startup lately. It's the classic question: what actually protects us long-term? Nothing tunes the senses on this like watching somene else's moat disappear. In our weekly eng meeting, we were figuring out how to handle customer bug reports post-launch. One idea was routing them straight to Linear for triage. Normal stuff. We tabled it. More important stuff to do. Here's the thing though, my co-founder has basically stopped using Linear. We have a coo

reddit.com
19
9
Stratechery

Spring Break

Stratechery is on a bit of a disjointed Spring Break, as my usual week off will be spread out: I will return to my usual posting schedule on Tuesday, March 31. All other Stratechery Plus content, including my podcasts, will stay on schedule.

stratechery.com
0
0

Get the 10 best reads every Sunday

Curated by AI, voted by readers. Free forever.

Liked this? Start your own feed.

0
0