4月10日,国家网络安全通报中心发出紧急提醒:国家通报中心监测发现,近期集中爆发多起供应链投毒攻击事件,攻击目标包括API研发工具Apifox、Python开发库LiteLLM以及JavaScript HTTP库Axios,涉及开源软件仓库和商用工具两大核心供应链场景。其中,Axios投毒事件因OpenClaw等大量AI应用及插件生态直接依赖该库,导致风险通过依赖链向终端用户进一步蔓延。 三起供应 ...
格隆汇 on MSN
国家网络安全通报中心:近期集中爆发多起供应链投毒攻击事件 涉及 ...
格隆汇4月10日|据国家网络安全通报中心消息,国家通报中心监测发现,近期集中爆发多起供应链投毒攻击事件,攻击目标包括API研发工具Apifox、Python开发库LiteLLM以及JavaScript ...
The most widely used JavaScript HTTP library on the internet — embedded in millions of production applications, relied on by ...
Spread the loveIn a significant security incident that has sent shockwaves through the developer community, a North Korean state-sponsored hacking group has successfully compromised the popular Axios ...
LinkedIn runs a hidden JavaScript script called Spectroscopy that silently probes over 6,000 Chrome extensions and collects ...
The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...
Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
Hackers linked to North Korea are suspected of an ambitious attack on an inconspicuous but widely used software package, ...
With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
一些您可能无法访问的结果已被隐去。
显示无法访问的结果